BETA: May 2020, RELEASE: June 2020
THOR Cloud provides on-demand live forensic scans right at your fingertips.
THOR Cloud doesn’t require an on-premise system for licensing and scanner package downloads. All you need is a small script that we call THOR Seed. It acts as the nucleus of a comprehensive on-demand forensic investigation using our scanner THOR. Our customer portal provides a preconfigured version of THOR Seed that already includes your API key.
You just have to run it – it will license the end system and automatically download the required scan components for the respective operating system and architecture.
No Requirements - No Hassle
No local servers, no local management system, no local update tools, no local licensing servers – all that you need is a script with your preset API token. Everything else is retrieved at runtime.
With THOR Cloud you can easily extend your analysis with in-depth forensic scans. These scans give your analysts a second opinion on security events and thus speed up analysis and avoid costly manual investigations.
You can easily integrate THOR Cloud into your existing infrastructure and toolset. The scripts and THOR itself are extremely flexible and feature-rich.
THOR Cloud Overview
THOR Cloud facilitates the use of THOR by providing everything you need in a simple script.
Setup costs are almost non-existent as you don’t need local servers, local management consoles or local update tasks.
The cloud-based solution provides you with a current version of THOR, including the newest signatures, right at the moment you need it most.
THOR Seed Script
All that is needed is a single script that you can download from our portal’s download page. That script contains your dedicated download token, which is used to access the THOR Cloud API.
By using that script on an end system, you use up one license and can run it as often as you like within the license lifetime (usually 3 days).
You can find more information on THOR Seed in our GitHub repository. The version provided on our THOR Cloud download page is the open source version prefilled with your custom download token.
The scripts contain preset configs that you can easily adjust to your needs. The preset configs help you choose the right flags for your specific use cases.
False Positive Filters
Simple false positive definitions in the scripts allow you to reduce the noise and filter out suspicious elements and findings that are specific to your environment.
Scans produce different output files. One of them is an HTML report that gives analysts a prioritized view of the scan log.
It only takes minutes to investigate and qualify security events. It’s a perfect extension to support your SIEM or EDR analysts in gathering more information and forensic evidence.