[et_pb_section fb_built=”1″ admin_label=”section” _builder_version=”4.16″ da_disable_devices=”off|off|off” global_colors_info=”{}” da_is_popup=”off” da_exit_intent=”off” da_has_close=”on” da_alt_close=”off” da_dark_close=”off” da_not_modal=”on” da_is_singular=”off” da_with_loader=”off” da_has_shadow=”on”][et_pb_row admin_label=”row” _builder_version=”4.16″ background_size=”initial” background_position=”top_left” background_repeat=”repeat” global_colors_info=”{}”][et_pb_column type=”4_4″ _builder_version=”4.16″ custom_padding=”|||” global_colors_info=”{}” custom_padding__hover=”|||”][et_pb_text _builder_version=”4.23″ _module_preset=”default” global_colors_info=”{}”]<\/p>\n
Digital forensics and incident response (DFIR) are critical components in the cybersecurity landscape. Evolving threats and complex cyber-attacks make it vital for organizations to have efficient and powerful tools available. If you are not already enjoying the benefits of our ASGARD<\/a> platform and if your are using Velociraptor for DFIR it is worth to read on. In this blog post, we explore the integration of THOR into Velociraptor and the benefits it brings to Velociraptor users.<\/p>\n If you are a technical reader and already know your way around THOR and Velocriaptor you might want to directly jump to the end of the blog.<\/p>\n [\/et_pb_text][et_pb_image src=”https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2023\/10\/thor.png” title_text=”thor” _builder_version=”4.23″ _module_preset=”default” global_colors_info=”{}”][\/et_pb_image][et_pb_heading title=”DFIR Platforms” _builder_version=”4.23″ _module_preset=”default” global_colors_info=”{}”][\/et_pb_heading][et_pb_text _builder_version=”4.23″ _module_preset=”default” global_colors_info=”{}”]<\/p>\n If you’re content with Velociraptor for your endpoint management and wary switching your DFIR platform, we understand your concerns. Hence, we’ve crafted artifacts to integrate THOR, our endpoint scanner, into your existing Velociraptor setup. This integration allows you to leverage THOR’s robust scanning capabilities, ensuring a streamlined, efficient, and non-disruptive addition to your security infrastructure. While we consider ASGARD<\/a> to be the prime solution for managing and evaluating THOR scans, this blog ensures you have a robust alternative that complements and enhances your current security measures without adopting a new platform.<\/p>\n [\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row column_structure=”3_5,2_5″ _builder_version=”4.23″ _module_preset=”default” global_colors_info=”{}”][et_pb_column type=”3_5″ _builder_version=”4.23″ _module_preset=”default” global_colors_info=”{}”][et_pb_heading title=”Velociraptor – Digging Deeper!” _builder_version=”4.23″ _module_preset=”default” global_colors_info=”{}”][\/et_pb_heading][et_pb_text _builder_version=”4.23″ _module_preset=”default” custom_margin=”||29px|||” global_colors_info=”{}”]<\/p>\n “Velociraptor is an advanced digital forensic and incident response tool that enhances your visibility into your endpoints.”<\/em> [\/et_pb_text][et_pb_text _builder_version=”4.23″ _module_preset=”default” global_colors_info=”{}”]<\/p>\n Velociraptor is a open-source digital forensic and incident response tool designed to collect, monitor and hunt within your environment. At its core is the Velociraptor Query Language (VQL), a solid framework that allows for the creation of highly customized queries. These queries can be used to collect and monitor data from single or multiple endpoints across a network. VQL queries can be packed into ‘Artifacts’, which are structured YAML files containing named queries for easy searching, execution and sharing with the community. These Artifacts serve as modules, each typically focused on retrieving a specific type of information from an endpoint, which simplifies forensic and monitoring tasks.<\/p>\n <\/p>\n [\/et_pb_text][\/et_pb_column][et_pb_column type=”2_5″ _builder_version=”4.23″ _module_preset=”default” global_colors_info=”{}”][et_pb_image src=”https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2023\/10\/velo_logo.svg” title_text=”velo_logo” _builder_version=”4.23″ _module_preset=”default” global_colors_info=”{}”][\/et_pb_image][\/et_pb_column][\/et_pb_row][et_pb_row column_structure=”3_5,2_5″ _builder_version=”4.23″ _module_preset=”default” global_colors_info=”{}”][et_pb_column type=”3_5″ _builder_version=”4.23″ _module_preset=”default” global_colors_info=”{}”][et_pb_heading title=”THOR APT Scanner” _builder_version=”4.23″ _module_preset=”default” global_colors_info=”{}”][\/et_pb_heading][et_pb_text _builder_version=”4.23″ _module_preset=”default” global_colors_info=”{}”]<\/p>\n THOR is an advanced compromise assessment tool specifically designed to detect hack tools, backdoors, and traces of hacker activities on endpoints that standard Anti-virus solutions often miss. Using over 20,000 YARA signatures and over 24 specific modules, THOR examines systems for signs of attacker tools, system manipulations, and suspicious log activities. THOR has an extensive detection rate, ensuring system stability by monitoring resources and auto-adjusting performance.<\/p>\n [\/et_pb_text][\/et_pb_column][et_pb_column type=”2_5″ _builder_version=”4.23″ _module_preset=”default” global_colors_info=”{}”][et_pb_image src=”https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2023\/10\/thor-logo-text.svg” title_text=”thor-logo-text” _builder_version=”4.23″ _module_preset=”default” global_colors_info=”{}”][\/et_pb_image][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=”4.23″ _module_preset=”default” global_colors_info=”{}”][et_pb_column type=”4_4″ _builder_version=”4.23″ _module_preset=”default” global_colors_info=”{}”][et_pb_heading title=”Supercharge Your DFIR with Integration” _builder_version=”4.23″ _module_preset=”default” global_colors_info=”{}”][\/et_pb_heading][et_pb_text _builder_version=”4.23″ _module_preset=”default” global_colors_info=”{}”]<\/p>\n Consider a scenario where you see unusual network activity from a host within your company network. Now, where do you start? [\/et_pb_text][et_pb_image src=”https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2023\/10\/notebook.png” title_text=”notebook” _builder_version=”4.23″ _module_preset=”default” global_colors_info=”{}”][\/et_pb_image][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=”4.23″ _module_preset=”default” global_colors_info=”{}”][et_pb_column type=”4_4″ _builder_version=”4.23″ _module_preset=”default” global_colors_info=”{}”][et_pb_text _builder_version=”4.23″ _module_preset=”default” global_colors_info=”{}”]<\/p>\n We’ve created three Velociraptor artifacts<\/a> for using and leveraging THOR:<\/p>\n [\/et_pb_text][et_pb_heading title=”Get Started” _builder_version=”4.23″ _module_preset=”default” global_colors_info=”{}”][\/et_pb_heading][et_pb_text _builder_version=”4.23″ _module_preset=”default” global_colors_info=”{}”]<\/p>\n To get up and running with Velociraptor and THOR see the following links:<\/p>\n [\/et_pb_text][\/et_pb_column][\/et_pb_row][\/et_pb_section][et_pb_section fb_built=”1″ _builder_version=”4.23″ _module_preset=”default” da_disable_devices=”off|off|off” global_colors_info=”{}” da_is_popup=”off” da_exit_intent=”off” da_has_close=”on” da_alt_close=”off” da_dark_close=”off” da_not_modal=”on” da_is_singular=”off” da_with_loader=”off” da_has_shadow=”on”][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":" Digital forensics and incident response (DFIR) are critical components in the cybersecurity landscape. Evolving threats and complex cyber-attacks make it vital for organizations to have efficient and powerful tools available. If you are not already enjoying the benefits of our ASGARD platform and if your are using Velociraptor for DFIR it is worth to read on. In this blog post, we explore the integration of THOR into Velociraptor and the benefits it brings to Velociraptor users. If you are a technical reader and already know your way around THOR and Velocriaptor you might want to directly jump to the end of the blog.If you’re content with Velociraptor for your endpoint management and wary switching your DFIR platform, we understand your concerns. Hence, we’ve crafted artifacts to integrate THOR, our endpoint scanner, into your existing Velociraptor setup. This integration allows you to leverage THOR’s robust scanning capabilities, ensuring a streamlined, efficient, and non-disruptive addition to your security infrastructure. While we consider ASGARD to be the prime solution for managing and evaluating THOR scans, this blog ensures you have a robust alternative that complements and enhances your current security measures without adopting a new platform.”Velociraptor is an advanced digital forensic and incident […]<\/p>\n","protected":false},"author":13,"featured_media":17974,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[749,760,87,32,556,248,264],"tags":[13,77,233,727,7,5,607,726,48],"class_list":["post-17961","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-homepage","category-recommended","category-security-monitoring","category-thor","category-thor-cloud","category-thor-lite","category-tool","tag-detection","tag-endpoint","tag-forensic","tag-integration","tag-scanner","tag-thor","tag-thor-lite","tag-velociraptor","tag-yara"],"yoast_head":"\n
https:\/\/docs.velociraptor.app\/<\/a><\/p>\n
This is where THOR shines: With its huge (offline) detection set, it is perfect to start your DFIR process. With THOR you do not need to know what you are looking for, THOR knows on its own! Use the opensource Velociraptor THOR artifact<\/a> (see below) to boost your triage while still working in your familiar Velociraptor UI, using its features for collection, monitoring and mitigation.<\/p>\nVelociraptor THOR Artifacts<\/h3>\n
\n
\n
\n