THOR as a Web Service

License Packs

Choose Your Platform

Run the THOR Thunderstorm service on the platform of your choice. We provide unlimited support and an installer for all current Linux platforms. Depending on your use case, we provide hardware recommendations and a setup guide. 

Unlimited Collectors

We license only the THOR Thunderstorm service to which you can connect as many collectors as you have processing resources on the server system (cpu cores, memory, disk space). Smart collector jobs that submit only new files of a certain type can reduce the load to a minimum and allow for thousands of connected endpoints. 

Support and Signature Set Updates

THOR Thunderstorm includes the full THOR YARA rule set, which grows by ~1500 handwritten rules per year. THOR signature updates and support are included in every license pack. 

The Sandbox Integration License Pack is the perfect choice for any kind of analysis pipeline integration of THOR Thunderstorm.

Customers use it to add extend their sample analysis pipeline and add another opinion to the dynamic analysis and Antivirus engines. THOR’s rule set focus on advanced persistent threats and hacking activity in general is the perfect extension of your current capabilities. 

See for yourself how THOR detects samples that other vendors miss in the “Successful YARA Rules in Set” table on VALHALLA’s start page

The Remote Forensic Analysis License Pack is meant to be used with the Thunderstorm Collectors in remote forensic analysis scenarios. 

Simply run the collectors, which are available for any operating system and architecture, to submit files for analysis to THOR Thunderstorm and check its logs for malicious elements. 

This pack can also be used in scenarios in which huge amounts of samples have to be assessed. The processing speed isn’t limited and depends on the number of CPU cores of the system that runs the Thunderstorm service. 

The Cloud Container License Pack is meant for cloud-based analysis  scenarios in which a license cannot be bound to a certain host name.

As a proof-of-concept we’ve modified a fork of BinaryAlert by AirBnB to run with an instance of the THOR Thunderstorm service. 

This setup is able to process millions of samples per minute as it scales with the hardware resources that you add.