[et_pb_section fb_built=”1″ _builder_version=”4.5.1″ _module_preset=”default” custom_margin=”||-228px|||”][et_pb_row column_structure=”2_5,3_5″ _builder_version=”4.5.1″ _module_preset=”default”][et_pb_column type=”2_5″ _builder_version=”4.5.1″ _module_preset=”default”][et_pb_text _builder_version=”4.5.1″ _module_preset=”default”]<\/p>\n
The newest update of our popular YARA rule feed named VALHALLA adds new features to its web interface.<\/p>\n
The most awaited new feature is a keyword search that allows you to query the database for certain keywords, rule names, reports, MITRE ATT&CK ids or tags.<\/p>\n
The result page shows you if VALHALLA already has related rules in its database.\u00a0<\/p>\n
<\/p>\n
[\/et_pb_text][\/et_pb_column][et_pb_column type=”3_5″ _builder_version=”4.5.1″ _module_preset=”default”][et_pb_image src=”https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2020\/07\/Screenshot-2020-07-25-at-17.33.42.png” title_text=”Screenshot 2020-07-25 at 17.33.42″ _builder_version=”4.5.1″ _module_preset=”default”][\/et_pb_image][\/et_pb_column][\/et_pb_row][et_pb_row column_structure=”2_5,3_5″ _builder_version=”4.5.1″ _module_preset=”default”][et_pb_column type=”2_5″ _builder_version=”4.5.1″ _module_preset=”default”][et_pb_text _builder_version=”4.5.1″ _module_preset=”default”]<\/p>\n
The search results show all rules in our database related to the search keyword.<\/p>\n
You can see the rule name, description, the rule date, a reference URL and a set of links.<\/p>\n
The new search function helps you to determine if VALHALLA and THOR already contain rules for a given report or threat.\u00a0<\/p>\n
[\/et_pb_text][\/et_pb_column][et_pb_column type=”3_5″ _builder_version=”4.5.1″ _module_preset=”default”][et_pb_image src=”https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2020\/07\/Screenshot-2020-07-25-at-17.57.03.png” title_text=”Screenshot 2020-07-25 at 17.57.03″ _builder_version=”4.5.1″ _module_preset=”default”][\/et_pb_image][\/et_pb_column][\/et_pb_row][et_pb_row column_structure=”3_5,2_5″ _builder_version=”4.5.1″ _module_preset=”default”][et_pb_column type=”3_5″ _builder_version=”4.5.1″ _module_preset=”default”][et_pb_text _builder_version=”4.5.1″ _module_preset=”default”]<\/p>\n
We have integrated new links that lead you to:<\/p>\n
[\/et_pb_text][\/et_pb_column][et_pb_column type=”2_5″ _builder_version=”4.5.1″ _module_preset=”default”][et_pb_image src=”https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2020\/07\/Screenshot-2020-07-25-at-17.55.24.png” title_text=”Screenshot 2020-07-25 at 17.55.24″ _builder_version=”4.5.1″ _module_preset=”default”][\/et_pb_image][\/et_pb_column][\/et_pb_row][et_pb_row column_structure=”2_5,3_5″ _builder_version=”4.5.1″ _module_preset=”default”][et_pb_column type=”2_5″ _builder_version=”4.5.1″ _module_preset=”default”][et_pb_text _builder_version=”4.5.1″ _module_preset=”default”]<\/p>\n
The rule info page contains all the details to a certain rule. These include all metadata values liks score, tags, reference links, required YARA version and modules, the rule date and the average AV detection ratio.<\/p>\n
Two additional tables include all antivirus verdicts for samples on which that rule has matched and a list of all observed samples with links to Virustotal.\u00a0<\/p>\n
<\/p>\n
[\/et_pb_text][\/et_pb_column][et_pb_column type=”3_5″ _builder_version=”4.5.1″ _module_preset=”default”][et_pb_image src=”https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2020\/07\/Screenshot-2020-07-25-at-18.00.21.png” title_text=”Screenshot 2020-07-25 at 18.00.21″ _builder_version=”4.5.1″ _module_preset=”default”][\/et_pb_image][\/et_pb_column][\/et_pb_row][et_pb_row column_structure=”2_5,3_5″ _builder_version=”4.5.1″ _module_preset=”default”][et_pb_column type=”2_5″ _builder_version=”4.5.1″ _module_preset=”default”][et_pb_text _builder_version=”4.5.1″ _module_preset=”default”]<\/p>\n
We’ve also added notes on the 2400+ rules that are available as open source in the signature-base<\/a> repository on github, e.g. try\u00a0SUSP_LNK_Big_Link_File<\/a>.<\/p>\n [\/et_pb_text][\/et_pb_column][et_pb_column type=”3_5″ _builder_version=”4.5.1″ _module_preset=”default”][et_pb_image src=”https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2020\/07\/Screenshot-2020-07-27-at-10.08.05.png” title_text=”Screenshot 2020-07-27 at 10.08.05″ _builder_version=”4.5.1″ _module_preset=”default”][\/et_pb_image][\/et_pb_column][\/et_pb_row][et_pb_row column_structure=”2_5,3_5″ _builder_version=”4.5.1″ _module_preset=”default”][et_pb_column type=”2_5″ _builder_version=”4.5.1″ _module_preset=”default”][et_pb_text _builder_version=”4.5.1″ _module_preset=”default”]<\/p>\n A new table on the start page informs users about the rules per subscribable category.\u00a0<\/p>\n [\/et_pb_text][\/et_pb_column][et_pb_column type=”3_5″ _builder_version=”4.5.1″ _module_preset=”default”][et_pb_image src=”https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2020\/07\/Screenshot-2020-07-25-at-18.25.28.png” title_text=”Screenshot 2020-07-25 at 18.25.28″ _builder_version=”4.5.1″ _module_preset=”default”][\/et_pb_image][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=”4.5.1″ _module_preset=”default”][et_pb_column type=”4_4″ _builder_version=”4.5.1″ _module_preset=”default”][et_pb_text _builder_version=”4.5.1″ _module_preset=”default”]<\/p>\n Also note that queries of any type to Valhalla are rate limited. Too many requests in a relatively short time frame will lead to complete blocks as well as a high amount of requests over a longe time period and other suspicious activity. Customers can get their source IP addresses whitelisted on request.\u00a0<\/p>\n The new version will be deployed in the coming days.<\/p>\n [\/et_pb_text][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":" The newest update of our popular YARA rule feed named VALHALLA adds new features to its web interface. The most awaited new feature is a keyword search that allows you to query the database for certain keywords, rule names, reports, MITRE ATT&CK ids or tags. The result page shows you if VALHALLA already has related rules in its database.\u00a0 Keyword Search The search results show all rules in our database related to the search keyword. You can see the rule name, description, the rule date, a reference URL and a set of links. The new search function helps you to determine if VALHALLA and THOR already contain rules for a given report or threat.\u00a0New Links We have integrated new links that lead you to: the reference listed in the rule (report, source) a Virustotal lookup for that rule \/ sample a detailed info page for that specific rule Rule Info Pages The rule info page contains all the details to a certain rule. These include all metadata values liks score, tags, reference links, required YARA version and modules, the rule date and the average AV detection ratio. Two additional tables include all antivirus verdicts for samples on which that rule […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[46,193],"tags":[571,514,572,516,551,48],"class_list":["post-8331","post","type-post","status-publish","format-standard","hentry","category-newsletter","category-valhalla","tag-keyword","tag-lookup","tag-rule-name","tag-search","tag-valhalla","tag-yara"],"yoast_head":"\nCategory Counts<\/h1>\n