The analysis of Antivirus events can be a tedious task in big organizations with hundreds of events per day. Usually security teams fall back to a mode of operation in which they only analyze events in which a cleanup process has failed or something went wrong. This...
Performance Refactoring in THOR v10.5.9 and THOR TechPreview v10.6.2
We are glad to announce significant performance improvements in the latest versions of THOR. We've refactored several processing units to bulk scan elements that have previously been checked each at a time. These changes affect the modules "Eventlog", "Registry",...
Sigma Scanning with THOR
Our compromise assessment scanner THOR is able to apply Sigma rules during the local Eventlog analysis. This can help any customer that has no central SIEM system or performs a live forensic analysis on a system group that does not report to central monitoring. By...
ASGARD Analysis Cockpit 2.2 Feature Overview
Later this month the new version 2.2 of ASGARD Analysis Cockpit will be released. These are the most important new features. The Optimize Button The new "Optimize" button allows you to add all unassigned log lines to existing cases with matching filters. It is...
New Antivirus Event Analysis Cheat Sheet Version 1.2
Today we release a new version of our "Antivirus Event Analysis" Cheat Sheet that helps you with the analysis of Antivirus events by providing a clear decision matrix. We've updated many of the sections, added new VirusTotal online analysis checks and brought it in a...
Logit – Windows Log Tool für Eventlog und MySQL
Die neue Version 0.3 des Kommandozeilenwerkzeugs zur Protokollierung von Programmausgaben in Dateien und das Windows Eventlog namens Logit unterstützt jetzt auch die Protokollierung in MySQL Datenbanken. Logit erwartet einen Ausgabestrom oder führt selbst ein Programm...