Digital forensics and incident response (DFIR) are critical components in the cybersecurity landscape. Evolving threats and complex cyber-attacks make it vital for organizations to have efficient and powerful tools available. If you are not already enjoying the...
Aurora Lite Agent v1.0 Release
After almost half a year of development, we are pleased to announce the release of our free version of the Aurora Agent named Aurora Lite. The Aurora agent is a Sigma-based endpoint agent that offers maximum transparency, flexibility, and confidentiality. It doesn't...
Aurora – Sigma-Based EDR Agent – Preview
The following recorded video session includes information about our new Sigma-based EDR agent called "Aurora" and the free "Aurora Lite". It's a preview of the agent with information on its features, limits, advantages and a live demo. The release is scheduled for...
Sigma Scanning with THOR
Our compromise assessment scanner THOR is able to apply Sigma rules during the local Eventlog analysis. This can help any customer that has no central SIEM system or performs a live forensic analysis on a system group that does not report to central monitoring. By...
THOR 10 Fusion Released
THOR 10 Fusion has arrived. It replaces our successful scanners THOR 8 and SPARK and combines the best of both worlds. It is a completely new code base that features all modules of our 4 year old compromise assessment flagship THOR 8 and the speed and extra features...
Upcoming : THOR 10 “Fusion”
We are proud to announce the upcoming release of THOR 10 code named "Fusion". It will replace our scanners THOR 8 and SPARK before the end of this year. Both of the current scanners will still receive updates until the end of this year. THOR 10 "Fusion" combines the...
STIXv2 Support in SPARK
SPARK Version 1.17.0 adds extensive STIXv2 support.This allows you to easily extend SPARK's signature bases with IOCs from any sandbox, analysis or threat intel platforms that support STIXv2 export by placing the exported [cci]*.json[/cci] files in the...
SPARK uses Sigma Rules in Eventlog Scan
Sigma is a rule format for threat detection in log files. It is for log data what "Snort rules" are for network traffic or "YARA signatures" are for file data. It is easy to write and read. Writing a Sigma rule is a matter of minutes. On the right you can see a simple...
ASGARD Management Center version 1.4
Release notification of the ASGARD Management Center version 1.4 We have release version 1.4 for ASGARD. This version has major improvements in usability, flexibility, stability and performance. Plan and run THOR and SPARK scans on up to 10.000 endpoints – with a...
Synergetic Effects of Network and Host Based APT Detection
People often ask me if they still need our host based scanner THOR now that they have bought a network appliance that already checks all content that goes into and leaves their network. I normally answer that it is not a question of one solution versus another, but a...