Solutions Matrix

Endless Possibilities
Our products are very flexible and can be combined in many ways to build the optimal solution or integrate seamlessly into your existing infrastructure and workstream.

THOR as a Plugin
The flexible and portable character of THOR allows deploying it in many different ways. Our customers have integrated THOR as an additional scanner in their malware analysis pipeline, use it in their EDR to scan collected samples and deploy it in live response sessions.

Proof of Concepts with Free Versions
To provide a proof-of-concept or demo environment, you can always use the free versions of THOR or VALHALLA to get things going.
Use Cases and Solutions
Use Case | Description | Recommended Products | Remarks |
---|---|---|---|
Lab Scanning (Forensic Images) |
Accelerated forensic analysis of images collected from end systems | THOR |
|
Lab Scanning (Malware Analysis Pipeline) |
Integration of Nextrons signature matching into a malware analysis pipeline | THOR in Dropzone Mode |
|
VALHALLA YARA Rule Feed |
|
||
Single System Live Forensics | On-demand live forensic scans to verify findings from your SOC team | THOR |
|
THOR Cloud |
|
||
THOR with ASGARD |
|
||
Triage | Network wide scans with custom indicators to evaluate the extent of a compromise | THOR |
|
THOR with ASGARD and Analysis Cockpit |
|
||
Continuous Compromise Assessment | Recurring compromise assessments with a thorough initial analysis and minimal effort after the first baselining | THOR with ASGARD and Analysis Cockpit |
|
Supercharged Detection in 3rd Party Products | Integration of Nextrons signature matching into 3rd party products | VALHALLA YARA Rule Feed |
|
Incident Response and Evidence Collection | Run custom playbooks and evidence collection tasks on an unlimited amount of endpoints | ASGARD |
|
Integration Examples

Microsoft Defender and THOR
Microsoft Defender ATP fully plays off its strength in detecting live attacks, suspicious process starts and network connections. THOR shines as a live forensic scanner that scans the local filesystem, registry, logs and other elements for traces of hacking activity. You can find more information on that integration here.

VALHALLA YARA rules and FireEye NX/EX
Customers retrieve our rule sets and integrate them into their FireEye appliances. The command line client for VALHALLA supports filters that make it easy to get only the rules that are supported by the appliances. Remember that you can test the integration of over 4,000 open source rules using the DEMO API key.