We would like to inform you about three new comfort features that will be available in the upcoming THOR versions including THOR Lite. 

Improved HTML Reports

The new HTML reports allow analysts to filter elements that turn out to be false positives and remove them from the current view. It also adds useful lookup functions for Virustotal, RiskIQ and VALHALLA. 

Filter and remove false positives in your analysis

Apply filters directly from the modules menu and reduce the events to events from module X only

Direct lookups on Virustotal, RiskIQ and VALHALLA right from the report

The new report functions will be available in the upcoming THOR v10.5.10 and THOR TechPreview v10.6.3, which will be released in January 2021. 

Smart Progress Bar

Due to ongoing demand, we’ve added a progress bar to all longer running modules and a progress indicator to all the other modules. So far, we’ve avoided adding a progress bar or any kind of command line output that works with control characters to reduce the risks of side effects caused by THOR running in non-interactive sessions, e.g. with Splunk Forwarders’ scripted input. 

But THOR version 10 is able to determine if it is running in an interactive session and enables the progress bar only in these cases.

Progress bar in “Filescan” module

Progress bar in “Eventlog” module

New Option in Interrupt Menu

Another feature to highlight is the option to skip a module that doesn’t finish or seems to be stalled. 

The interrupt menu (CTRL+C) offers another option (X) to skip the current module and continue with the next one.

WordPress Cookie Plugin by Real Cookie Banner