THOR TechPreview version 10.7.3 has been released: parsing of email formats .eml / .msg to scan the attachments (RFC-6532); archive scan improved to include .cab, .7z and .gzip; archive scan improved to scan nested archives recursively; bulk scanning improvements to...
New Analysis Cockpit 3.5
New Baselining Views: Over the course of the last 18 months we reviewed most of our detections regarding their success in real-world scenarios. In this context "success" means that the detection uncovered malicious activity in the wild and at the same time had a low...
Product Surveys – Tell us what you think
We'd like to know your opinion on our products and therefore ask you to participate in our product surveys. Each of them takes between 2 and 5 minutes of your time, depending on how much you'd like to tell us. THOR Customer Satisfaction Survey: You find the survey...
ASGARD: Check your Signature Versions
It came to our attention that under certain circumstances, after the upgrade to ASGARD 2.11, some ASGARD instances lost their scheduled task to automatically assign the newest signatures to scan jobs. We advise customers to review their update configuration if they...
Nextron Products Unaffected by Log4j Vulnerability CVE-2021-44228
We have reviewed our products in order to identify services that use the vulnerable log4j library. Only Elasticsearch in ASGARD Analysis Cockpit uses log4j but is NOT vulnerable. "Elasticsearch is not susceptible to remote code execution with this vulnerability due...
Visit the New Online Manuals
We've converted all our PDF-based user manuals into shiny new online versions. The new online versions are hosted on GitHub and converted into web pages with the help of ReadTheDocs. This way we can update them with new information much faster than before and allow...
End-of-Life ASGARD Analysis Cockpit Version 2
Nextron announces the end-of-sale and end-of-life dates for the ASGARD Analysis Cockpit version 2. Customers with active service contracts will continue to receive support until June 30, 2022, as shown in the table below. End of Life Announcement Date The date the...
THOR Process Memory Matches with Surrounding Strings
Following THOR's approach of showing suspicious elements, it is not feasible to completely avoid false positives. Therefore we always try to provide as much information as possible for an analyst to assess such a suspicious element as quickly as possible. Users liked...
VALHALLA API 1.1 Changes
We've made some changes to VALHALLA and released version 1.1 and valhallAPI version 0.5 to reflect these changes. The new modified date shows when this rule has last been modified. See this example. The modified date will also appear in the JSON feed and metadata of...
Sigma Scanning with THOR
Our compromise assessment scanner THOR is able to apply Sigma rules during the local Eventlog analysis. This can help any customer that has no central SIEM system or performs a live forensic analysis on a system group that does not report to central monitoring. By...
Webinar: Mitigating Persistent Threats using Microsoft Defender ATP and THOR
In our recent webinar with Joe Stocker from Patriot Consulting and Matt Soseman from Microsoft, we had the chance to showcase the integration of THOR into Microsoft Defender ATP. You can register and watch the webinar here.
Upcoming Master ASGARD v2
In the first week of June, we plan to release Master ASGARD v2. Master ASGARD is an ASGARD version that is able to connect to and control an unlimited number of ASGARD servers. While each ASGARD supports 25,000 connected endpoints, a Master ASGARD server can control...