{"id":7806,"date":"2020-05-15T11:25:00","date_gmt":"2020-05-15T09:25:00","guid":{"rendered":"https:\/\/www.nextron-systems.com\/?p=7806"},"modified":"2022-03-25T14:14:58","modified_gmt":"2022-03-25T13:14:58","slug":"new-valhalla-features-that-you-might-have-missed","status":"publish","type":"post","link":"https:\/\/www.nextron-systems.com\/2020\/05\/15\/new-valhalla-features-that-you-might-have-missed\/","title":{"rendered":"New VALHALLA Features That You Might Have Missed"},"content":{"rendered":"

[et_pb_section fb_built=”1″ _builder_version=”4.4.6″][et_pb_row column_structure=”2_5,3_5″ _builder_version=”4.4.6″][et_pb_column type=”2_5″ _builder_version=”4.4.6″][et_pb_text _builder_version=”4.4.6″]<\/p>\n

Rule Info Pages<\/h1>\n

The new rule info pages allow you to get more information on a certain rule. You can find all the meta data, as well as past rule matches and previous antivirus verdicts.<\/p>\n

A second tab contains statistics.\u00a0<\/p>\n

You can also report false positives that you’ve encountered with that rule using the button in the tab bar.\u00a0<\/p>\n

Note that the rule info lookups in the web GUI are rate limited. If you query rule infos too often, you get blocked.<\/p>\n

The rule info pages can be access using this URL scheme:\u00a0<\/p>\n

https:\/\/valhalla.nextron-systems.com\/info\/rule\/RULE_NAME<\/p>\n

For example:<\/p>\n

https:\/\/valhalla.nextron-systems.com\/info\/rule\/HKTL_Empire_ShellCodeRDI_Dec19_1<\/a><\/p>\n

 <\/p>\n

[\/et_pb_text][\/et_pb_column][et_pb_column type=”3_5″ _builder_version=”4.4.6″][et_pb_image src=”https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2020\/05\/Screenshot-2020-05-15-at-10.03.41.png” title_text=”Screenshot 2020-05-15 at 10.03.41″ _builder_version=”4.4.6″][\/et_pb_image][et_pb_image src=”https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2020\/05\/Screenshot-2020-05-15-at-10.38.38.png” title_text=”Screenshot 2020-05-15 at 10.38.38″ _builder_version=”4.4.6″][\/et_pb_image][\/et_pb_column][\/et_pb_row][et_pb_row column_structure=”2_5,3_5″ _builder_version=”4.4.6″][et_pb_column type=”2_5″ _builder_version=”4.4.6″][et_pb_text _builder_version=”4.4.6″]<\/p>\n

Rule Info & Hash Info<\/h1>\n

The rule info<\/a> and hash info<\/a> API endpoints are available for customers with valid API key only.<\/p>\n

The API is not rate limited.<\/p>\n

Customers can find information on how to use these end points\u00a0here<\/a>.<\/p>\n

 <\/p>\n

[\/et_pb_text][\/et_pb_column][et_pb_column type=”3_5″ _builder_version=”4.4.6″][et_pb_image src=”https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2020\/05\/Screenshot-2020-05-15-at-10.54.15.png” title_text=”Screenshot 2020-05-15 at 10.54.15″ _builder_version=”4.4.6″][\/et_pb_image][\/et_pb_column][\/et_pb_row][et_pb_row column_structure=”2_5,3_5″ _builder_version=”4.4.6″][et_pb_column type=”2_5″ _builder_version=”4.4.6″][et_pb_text _builder_version=”4.4.6″]<\/p>\n

Automated Tagging<\/h1>\n

The automated tagging has been extended to included MITRE ATT&CK threat actor group IDs.\u00a0<\/p>\n

[\/et_pb_text][\/et_pb_column][et_pb_column type=”3_5″ _builder_version=”4.4.6″][et_pb_image src=”https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2020\/05\/Screenshot-2020-05-13-at-13.09.21.png” title_text=”Screenshot 2020-05-13 at 13.09.21″ _builder_version=”4.4.6″][\/et_pb_image][\/et_pb_column][\/et_pb_row][et_pb_row column_structure=”2_5,3_5″ _builder_version=”4.4.6″][et_pb_column type=”2_5″ _builder_version=”4.4.6″][et_pb_text _builder_version=”4.4.6″]<\/p>\n

Status Includes Version<\/h1>\n

The status endpoint now includes a version number.<\/p>\n

The version number is an integer value generated from the last update timestamp using a format string “%Y%m%d%H”. This way it is not just a version number that you can compare with you local last change (e.g. “>=”) but also an implicit timestamp.<\/p>\n

You can access that endpoint via POST request (\/api\/v1\/status) or Python API’s “get_status()<\/a>” function.<\/p>\n

 <\/p>\n

[\/et_pb_text][\/et_pb_column][et_pb_column type=”3_5″ _builder_version=”4.4.6″][et_pb_image src=”https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2020\/05\/Screenshot-2020-05-15-at-11.17.48.png” title_text=”Screenshot 2020-05-15 at 11.17.48″ _builder_version=”4.4.6″][\/et_pb_image][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=”4.4.6″][et_pb_column type=”4_4″ _builder_version=”4.4.6″][et_pb_text _builder_version=”4.4.6″]<\/p>\n

You can find more information on Valhalla on our web page<\/a>.<\/p>\n

[\/et_pb_text][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":"

Rule Info Pages The new rule info pages allow you to get more information on a certain rule. You can find all the meta data, as well as past rule matches and previous antivirus verdicts. A second tab contains statistics.\u00a0 You can also report false positives that you’ve encountered with that rule using the button in the tab bar.\u00a0 Note that the rule info lookups in the web GUI are rate limited. If you query rule infos too often, you get blocked. The rule info pages can be access using this URL scheme:\u00a0 https:\/\/valhalla.nextron-systems.com\/info\/rule\/RULE_NAME For example: https:\/\/valhalla.nextron-systems.com\/info\/rule\/HKTL_Empire_ShellCodeRDI_Dec19_1  Rule Info & Hash Info The rule info and hash info API endpoints are available for customers with valid API key only. The API is not rate limited. Customers can find information on how to use these end points\u00a0here.  Automated Tagging The automated tagging has been extended to included MITRE ATT&CK threat actor group IDs.\u00a0Status Includes Version The status endpoint now includes a version number. The version number is an integer value generated from the last update timestamp using a format string “%Y%m%d%H”. This way it is not just a version number that you can compare with you local last change (e.g. “>=”) […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[46,193],"tags":[159,158,142,552,551,48],"class_list":["post-7806","post","type-post","status-publish","format-standard","hentry","category-newsletter","category-valhalla","tag-api","tag-feed","tag-threat-intel","tag-threat-intelligence","tag-valhalla","tag-yara"],"yoast_head":"\nNew VALHALLA Features That You Might Have Missed - Nextron Systems<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.nextron-systems.com\/2020\/05\/15\/new-valhalla-features-that-you-might-have-missed\/\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.nextron-systems.com\/2020\/05\/15\/new-valhalla-features-that-you-might-have-missed\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.nextron-systems.com\/2020\/05\/15\/new-valhalla-features-that-you-might-have-missed\/\"},\"author\":{\"name\":\"Florian Roth\",\"@id\":\"https:\/\/www.nextron-systems.com\/#\/schema\/person\/4fd503007d60aabaf1ae747502f36919\"},\"headline\":\"New VALHALLA Features That You Might Have Missed\",\"datePublished\":\"2020-05-15T09:25:00+00:00\",\"dateModified\":\"2022-03-25T13:14:58+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.nextron-systems.com\/2020\/05\/15\/new-valhalla-features-that-you-might-have-missed\/\"},\"wordCount\":579,\"publisher\":{\"@id\":\"https:\/\/www.nextron-systems.com\/#organization\"},\"keywords\":[\"api\",\"feed\",\"threat intel\",\"threat intelligence\",\"VALHALLA\",\"YARA\"],\"articleSection\":[\"Newsletter\",\"VALHALLA\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.nextron-systems.com\/2020\/05\/15\/new-valhalla-features-that-you-might-have-missed\/\",\"url\":\"https:\/\/www.nextron-systems.com\/2020\/05\/15\/new-valhalla-features-that-you-might-have-missed\/\",\"name\":\"New VALHALLA Features That You Might Have Missed - Nextron Systems\",\"isPartOf\":{\"@id\":\"https:\/\/www.nextron-systems.com\/#website\"},\"datePublished\":\"2020-05-15T09:25:00+00:00\",\"dateModified\":\"2022-03-25T13:14:58+00:00\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.nextron-systems.com\/2020\/05\/15\/new-valhalla-features-that-you-might-have-missed\/\"]}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.nextron-systems.com\/#website\",\"url\":\"https:\/\/www.nextron-systems.com\/\",\"name\":\"Nextron Systems\",\"description\":\"We Detect Hackers\",\"publisher\":{\"@id\":\"https:\/\/www.nextron-systems.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.nextron-systems.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.nextron-systems.com\/#organization\",\"name\":\"Nextron Systems GmbH\",\"url\":\"https:\/\/www.nextron-systems.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.nextron-systems.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2017\/11\/Nextron_0.2s_inv_symbol_only.png\",\"contentUrl\":\"https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2017\/11\/Nextron_0.2s_inv_symbol_only.png\",\"width\":260,\"height\":260,\"caption\":\"Nextron Systems GmbH\"},\"image\":{\"@id\":\"https:\/\/www.nextron-systems.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.nextron-systems.com\/#\/schema\/person\/4fd503007d60aabaf1ae747502f36919\",\"name\":\"Florian Roth\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.nextron-systems.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/0dfaa838ce5d82e2e7bfa75ed3f43ae5?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/0dfaa838ce5d82e2e7bfa75ed3f43ae5?s=96&d=mm&r=g\",\"caption\":\"Florian Roth\"},\"description\":\"Florian Roth serves as the Head of Research and Development at Nextron Systems. With a background in IT security since 2000, he has delved deep into nation-state cyber attacks since 2012. Florian has developed the THOR Scanner and actively engages with the community via his Twitter handle @cyb3rops. He has contributed to open-source projects, including 'Sigma', a generic SIEM rule format, and 'LOKI', an open-source scanner. Additionally, he has shared valuable resources like a mapping of APT groups and operations and an Antivirus Event Analysis Cheat Sheet.\",\"url\":\"https:\/\/www.nextron-systems.com\/author\/florian\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"New VALHALLA Features That You Might Have Missed - Nextron Systems","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.nextron-systems.com\/2020\/05\/15\/new-valhalla-features-that-you-might-have-missed\/","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.nextron-systems.com\/2020\/05\/15\/new-valhalla-features-that-you-might-have-missed\/#article","isPartOf":{"@id":"https:\/\/www.nextron-systems.com\/2020\/05\/15\/new-valhalla-features-that-you-might-have-missed\/"},"author":{"name":"Florian Roth","@id":"https:\/\/www.nextron-systems.com\/#\/schema\/person\/4fd503007d60aabaf1ae747502f36919"},"headline":"New VALHALLA Features That You Might Have Missed","datePublished":"2020-05-15T09:25:00+00:00","dateModified":"2022-03-25T13:14:58+00:00","mainEntityOfPage":{"@id":"https:\/\/www.nextron-systems.com\/2020\/05\/15\/new-valhalla-features-that-you-might-have-missed\/"},"wordCount":579,"publisher":{"@id":"https:\/\/www.nextron-systems.com\/#organization"},"keywords":["api","feed","threat intel","threat intelligence","VALHALLA","YARA"],"articleSection":["Newsletter","VALHALLA"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.nextron-systems.com\/2020\/05\/15\/new-valhalla-features-that-you-might-have-missed\/","url":"https:\/\/www.nextron-systems.com\/2020\/05\/15\/new-valhalla-features-that-you-might-have-missed\/","name":"New VALHALLA Features That You Might Have Missed - Nextron Systems","isPartOf":{"@id":"https:\/\/www.nextron-systems.com\/#website"},"datePublished":"2020-05-15T09:25:00+00:00","dateModified":"2022-03-25T13:14:58+00:00","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.nextron-systems.com\/2020\/05\/15\/new-valhalla-features-that-you-might-have-missed\/"]}]},{"@type":"WebSite","@id":"https:\/\/www.nextron-systems.com\/#website","url":"https:\/\/www.nextron-systems.com\/","name":"Nextron Systems","description":"We Detect Hackers","publisher":{"@id":"https:\/\/www.nextron-systems.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.nextron-systems.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.nextron-systems.com\/#organization","name":"Nextron Systems GmbH","url":"https:\/\/www.nextron-systems.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.nextron-systems.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2017\/11\/Nextron_0.2s_inv_symbol_only.png","contentUrl":"https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2017\/11\/Nextron_0.2s_inv_symbol_only.png","width":260,"height":260,"caption":"Nextron Systems GmbH"},"image":{"@id":"https:\/\/www.nextron-systems.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.nextron-systems.com\/#\/schema\/person\/4fd503007d60aabaf1ae747502f36919","name":"Florian Roth","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.nextron-systems.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/0dfaa838ce5d82e2e7bfa75ed3f43ae5?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/0dfaa838ce5d82e2e7bfa75ed3f43ae5?s=96&d=mm&r=g","caption":"Florian Roth"},"description":"Florian Roth serves as the Head of Research and Development at Nextron Systems. With a background in IT security since 2000, he has delved deep into nation-state cyber attacks since 2012. Florian has developed the THOR Scanner and actively engages with the community via his Twitter handle @cyb3rops. He has contributed to open-source projects, including 'Sigma', a generic SIEM rule format, and 'LOKI', an open-source scanner. Additionally, he has shared valuable resources like a mapping of APT groups and operations and an Antivirus Event Analysis Cheat Sheet.","url":"https:\/\/www.nextron-systems.com\/author\/florian\/"}]}},"_links":{"self":[{"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/posts\/7806","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/comments?post=7806"}],"version-history":[{"count":5,"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/posts\/7806\/revisions"}],"predecessor-version":[{"id":7818,"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/posts\/7806\/revisions\/7818"}],"wp:attachment":[{"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/media?parent=7806"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/categories?post=7806"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/tags?post=7806"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}