New Baselining Views Over the course of the last 18 months we reviewed most of our detections regarding their success in real world scenarios. In this context "success" means, that the detection uncovered malicious activity in the wild and at the same time had a low...
Follina CVE-2022-30190 Detection with THOR and Aurora
The Follina 0day vulnerability (CVE-2022-30190) in Microsoft Windows is actively exploited in-the-wild and highly critical. This blog posts lists some important web resources and the signatures that detect exploitation attempts.Kevin's post contains links to tweets of...
ASGARD v2.13 Release
Over the last 4 months, we've worked on many new UX improvements and the integration of our endpoint agent Aurora. Today, we are glad to announce the release of ASGARD version 2.13. UX Improvements We've reworked many sections and dialogues with user experience (UX)...
Aurora Lite Agent v1.0 Release
After almost half a year of development, we are pleased to announce the release of our free version of the Aurora Agent named Aurora Lite. The Aurora agent is a Sigma-based endpoint agent that offers maximum transparency, flexibility, and confidentiality. It doesn't...
ASGARD v2.12 Released
The new ASGARD Management Center version 2.12 adds new features and fixes several issues that were introduced with the version 2.11 in December last year.Better Sigma Rule Management We've added new features and improved the usability of the sigma rule management...
Product Surveys – Tell us what you think
We'd like to know your opinion on our products and therefore ask you to participate in our product surveys. Each of them takes between 2 and 5 minutes of your time, depending on how much you'd like to tell us.THOR Customer Satisfaction Survey You find the survey...
ASGARD: Check your Signature Versions
It came to our attention that under certain circumstances, after the upgrade to ASGARD 2.11, some ASGARD instances lost their scheduled task to automatically assign the newest signatures to scan jobs . We advice customers to review their update configuration if they...
Log4j Evaluations with ASGARD
We've created two ASGARD playbooks that can help you find Log4j libraries affected by CVE-2021-44228 (log4shell) and CVE-2021-45046 in your environment. Both playbooks can be found in our public Github repository. We've created a playbook named "log4j-analysis" that...
Log4Shell Detection with Nextron Rules
The Log4Shell vulnerability (CVE-2021-44228) in log4j is actively exploited in-the-wild and highly critical. This blog posts lists some important web resources and the signatures that detect exploitation attempts.LunaSec reported first on the vulnerability.Use this...
Aurora – Sigma-Based EDR Agent – Preview
The following recorded video session includes information about our new Sigma-based EDR agent called "Aurora" and the free "Aurora Lite". It's a preview of the agent with information on its features, limits, advantages and a live demo. The release is scheduled for...
ASGARD 2.11 Release
We are glad to announce a new ASGARD Management Center (AMC) release with exciting new features and improvements.Sigma LogWatcher LogWatcher is a new service that applies Sigma rules to Windows Eventlog entries. It uses the big public Sigma rule base and has access to...
TryHackMe Training Room for THOR Lite
Since THOR and THOR Lite are tools written for digital forensic experts, they can be difficult to use. There is often a steep learning curve in the beginning. We'd like to help new users pass these first steps in a playful way by providing a TryHackMe challenge in...