We would like to inform you about three new convenience features that will be available in the upcoming THOR versions, including THOR Lite.
Improved HTML Reports
The new HTML reports allow analysts to filter elements that turn out to be false positives and remove them from the current view. They also add useful lookup functions for VirusTotal, RiskIQ and VALHALLA.
Filter and remove false positives in your analysis
Apply filters directly from the modules menu and reduce the view to events from module X only
Direct lookups on VirusTotal, RiskIQ and VALHALLA right from the report
The new report functions will be available in the upcoming THOR v10.5.10 and THOR TechPreview v10.6.3, which will be released in January 2021.
Smart Progress Bar
Due to ongoing demand, we’ve added a progress bar to all longer-running modules and a progress indicator to all the other modules. Until now, we had avoided adding a progress bar or any other command line output that uses control characters, in order to reduce the risk of side effects when THOR runs in non-interactive sessions, e.g. with Splunk Forwarders’ scripted input.
THOR version 10, however, is able to determine whether it is running in an interactive session and enables the progress bar only in that case.
Progress bar in “Filescan” module
Progress bar in “Eventlog” module
New Option in Interrupt Menu
Another feature to highlight is the option to skip a module that doesn’t finish or seems to be stalled.
The interrupt menu (CTRL+C) offers an additional option (X) to skip the current module and continue with the next one.