The new SPARK v1.14.16 supports the sample quarantine protocol named Bifrost.With Bifrost you're able to send suspicious samples that THOR or SPARK detect on endpoints directly to a central server for analysis.A Bifrost server is shipped in form of a Python script...
The new THOR-util version 1.2.4 supports the encryption of your custom signatures so that you can deploy your own IOC files and YARA rules in an encrypted form. We use a public key in the utilities to encrypt the files for our scanners so that admins, Antivirus...
The upcoming ASGARD version 1.5 comes with a IOC management section in which you can manage your own set of IOCs in text files, YARA and Sigma rules.You can then select each of the folders when creating a new scan run with THOR or SPARK. Selecting one of these folders...