One of the main goals of Sigma as a project and Sigma rules specifically has always been to reduce the gap that existed in the detection rules space. As maintainers of the Sigma rule repository we're always striving for reducing that gap and making robust and...
Private Sigma Rule Feed in Valhalla and Partnership with SOC Prime
We are proud to announce the integration of our private Sigma rule set in Valhalla. This rule set is used in our scanner THOR and endpoint agent Aurora. The rule set currently contains more than 250 quality-tested and generic rules written by Nextron's detection...
THOR Log Conversion to CSV
We are excited to announce that the upcoming version 1.11 our tool, THOR Util, now has the capability to convert log output files from both the default and JSON format into CSV files. This new feature will make it easier for users to analyze their log data and extract...
How to scan ESXi systems using THOR
More and more often, adversaries target and exploit Internet-facing appliances or devices with exotic or restricted operating systems. Users ask if there is a way to run a compromise assessment scan on these systems with the YARA rules used in THOR. Following up on...
Virustotal Lookups in THOR v10.7
We're glad to announce a new feature that allows users to enrich events generated by THOR with information from Virustotal. The feature is available in the full THOR v10.7 TechPreview and THOR Lite. It can be used in any scan mode: live endpoint scanning, lab...
Sigma Rule Feed in Valhalla
Nextron Systems has always supported the Sigma project, investing hundreds of work hours into creating and maintaining the community rules shared in the public Sigma rule repository. Apart from the community support, we've created a set of internal detection rules for...
ASGARD 2.14 Release
We've just released the new ASGARD Management Center version 2.14 with important new features. This blog posts lists the most important changes in dedicated chapters. The whole change log can be found at the end of the article. Broker Network The Broker Network allows...
Mjolnir Security: Blue Team Incident Response Training
Our partner Mjolnir Security offers a training named “Blue Team Incident Response Training” from 19th of September to 23rd of September. It’s 3,5 hours a day, starting 4:00 pm and finishing 7:30 pm Eastern time. Each session will be recorded, so you'll also be able to...
New Analysis Cockpit 3.5
New Baselining Views Over the course of the last 18 months we reviewed most of our detections regarding their success in real world scenarios. In this context "success" means, that the detection uncovered malicious activity in the wild and at the same time had a low...
Follina CVE-2022-30190 Detection with THOR and Aurora
The Follina 0day vulnerability (CVE-2022-30190) in Microsoft Windows is actively exploited in-the-wild and highly critical. This blog posts lists some important web resources and the signatures that detect exploitation attempts.Kevin's post contains links to tweets of...
ASGARD v2.13 Release
Over the last 4 months, we've worked on many new UX improvements and the integration of our endpoint agent Aurora. Today, we are glad to announce the release of ASGARD version 2.13. UX Improvements We've reworked many sections and dialogues with user experience (UX)...
Aurora Lite Agent v1.0 Release
After almost half a year of development, we are pleased to announce the release of our free version of the Aurora Agent named Aurora Lite. The Aurora agent is a Sigma-based endpoint agent that offers maximum transparency, flexibility, and confidentiality. It doesn't...