Agentless APT Scans
Need to scan for APTs but don’t want to deploy an agent?
One of THOR’s major advantages is, that it is highly flexible and you can run it in so many different ways. Although we recommend to control your scans centrally with ASGARD Management Center, it is not required in order to get solid scan results.
THOR itself is just a binary that you execute on the system that you want to analyse. It does not require you to install anything such as runtime environments or agents.
Here is list of options that we see our customers using when deploying an agent is not an option:
- run THOR manually from a USB drive
- run THOR manually from a mapped network share.
- scheduled a task through the GPO for all your Domain members and run THOR automatically from a network share
- run THOR through any enterprise administrative framework. Remember, it is just a binary that needs to run on your target system.
For collecting the logs there are two options. One is sending the scan results through syslog. The other one is writing log files locally. If you are scanning from a central network share, collecting the logs through another share is a nice and convenient option.
Learn more about analysing THOR logs.
Learn more about central scan control with ASGARD Management Center.