The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with Sandia National Laboratories, today announced the public release of Thorium, a highly scalable and distributed platform designed for automated file analysis and result aggregation.
The new tool aims to significantly enhance the capabilities of cybersecurity teams by automating complex analysis workflows and integrating a wide array of commercial, open-source, and custom-built tools.
Thorium is engineered to support a variety of critical mission functions, including in-depth software analysis, digital forensics, and incident response.
It provides analysts with a unified system to efficiently assess sophisticated malware threats. Teams that regularly analyze large volumes of files can use Thorium to implement scalable automation and index results, streamlining their operations.
“The goal of Thorium is to enable cyber defenders to bring automation to their existing analysis workflows through simple tool integration and intuitive event-driven triggers,” CISA said in its announcement.
Key features of the platform include its capacity for easy tool integration, allowing analysts to incorporate command-line tools as Docker images.
It also offers powerful filtering of results through tags and full-text searches, and enforces security with strict group-based permissions controlling access to submissions, tools, and results.
Feature: Description
Easy Tool Integration: Integrate command-line tools as Docker images, including open-source, commercial, and custom tools.
Filtering: Filter analysis results using tags and full-text search for efficient data handling.
Security: Enforce group-based permissions to control access to submissions, tools, and results.
Scalability: Supports high workload demands using Kubernetes and ScyllaDB; can ingest over 10 million files/hour per group.
Pipelining: Define event triggers and execution sequences to automate workflows.
Workflow Integration: Control the platform via RESTful API, web interface, or command-line utility for seamless workflow.
Result Aggregation: Aggregate and index tool outputs for deeper analysis and integration with downstream processes.
Tool Sharing: Import and export tools easily for sharing across cyber defense teams.
One of Thorium’s most notable attributes is its immense scalability. Built to grow with hardware demands using Kubernetes and ScyllaDB, the platform is configured to ingest over 10 million files per hour for each permission group and can schedule more than 1,700 jobs per second, all while maintaining fast query performance for results.
The platform allows users to define event triggers and tool execution sequences to automate entire workflows. It can be fully managed via a RESTful API and offers a web-based interface or a command-line utility for easy access.
Additionally, Thorium aggregates and indexes tool outputs, preparing them for deeper analysis or for use by other downstream processes.
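To make the event-driven pipelining, group-based permissions, tagging and result search described above concrete, here is a small self-contained model of those ideas. It is an added illustration written for this article, not Thorium's code or API: the Pipeline class, the tool names (file_type, strings), the users, groups and sample bytes are all constructed here. Tools are plain Python callables standing in for Docker images; a trigger says "when a submission gains tag X, run tool Y", and tool output is stored and indexed so it can be filtered by tag or by full-text match, always scoped to the groups the querying user belongs to.

```python
import hashlib
import re
from dataclasses import dataclass, field


@dataclass
class Submission:
    sha256: str
    group: str
    data: bytes
    tags: set = field(default_factory=set)
    results: dict = field(default_factory=dict)  # tool name -> text output


class Pipeline:
    """Toy event-driven analysis pipeline (constructed example, not Thorium)."""

    def __init__(self):
        self.tools = {}        # tool name -> callable(bytes) -> (output_text, new_tags)
        self.triggers = []     # (tag, tool name): run tool when a submission gains tag
        self.submissions = {}  # sha256 -> Submission
        self.membership = {}   # user -> set of groups the user belongs to

    def add_user(self, user, groups):
        self.membership[user] = set(groups)

    def register_tool(self, name, fn):
        self.tools[name] = fn

    def on_tag(self, tag, tool):
        self.triggers.append((tag, tool))

    def _check_membership(self, user, group):
        # Group-based permission: a user may only touch groups they belong to.
        if group not in self.membership.get(user, set()):
            raise PermissionError(f"{user} is not a member of group {group}")

    def submit(self, user, group, data):
        self._check_membership(user, group)
        sha = hashlib.sha256(data).hexdigest()
        sub = self.submissions.setdefault(sha, Submission(sha, group, data))
        self._apply_tag(sub, "new")  # every submission starts with the "new" event
        return sha

    def _apply_tag(self, sub, tag):
        # Adding a tag is the event; it fires every tool registered for that tag.
        if tag in sub.tags:
            return  # already processed; prevents trigger loops
        sub.tags.add(tag)
        for trigger_tag, tool in self.triggers:
            if trigger_tag == tag and tool not in sub.results:
                output, new_tags = self.tools[tool](sub.data)
                sub.results[tool] = output
                for new_tag in new_tags:
                    self._apply_tag(sub, new_tag)  # chained execution sequence

    def search(self, user, tag=None, text=None):
        # Results are filtered by tag and by full-text substring, scoped to the
        # caller's groups so other groups' submissions are never visible.
        allowed = self.membership.get(user, set())
        hits = []
        for sub in self.submissions.values():
            if sub.group not in allowed:
                continue
            if tag is not None and tag not in sub.tags:
                continue
            if text is not None and not any(text in out for out in sub.results.values()):
                continue
            hits.append(sub.sha256)
        return hits


def file_type(data):
    """Stand-in for a file identification tool: tags by magic bytes."""
    if data.startswith(b"MZ"):
        return "pe", ["pe"]
    if data.startswith(b"\x7fELF"):
        return "elf", ["elf"]
    return "unknown", []


def strings_tool(data, min_len=4):
    """Stand-in for a strings extractor: printable ASCII runs of min_len or more."""
    found = re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)
    return "\n".join(s.decode("ascii") for s in found), []


# Constructed sample inputs (not real malware): a PE-like header plus a
# well-known DOS stub message, and a plain text note.
PE_SAMPLE = b"MZ\x90\x00\x03\x00" + b"This program cannot be run in DOS mode" + b"\x00" * 8
TEXT_SAMPLE = b"just a text note, nothing executable here\n"


def build_demo():
    p = Pipeline()
    p.add_user("alice", ["blue"])
    p.add_user("bob", ["red"])
    p.register_tool("file_type", file_type)
    p.register_tool("strings", strings_tool)
    p.on_tag("new", "file_type")   # every new submission is typed first
    p.on_tag("pe", "strings")      # only PE-tagged files get the strings pass
    return p


def submit_denied(p, user, group, data):
    """True when the permission check rejects the submission."""
    try:
        p.submit(user, group, data)
        return False
    except PermissionError:
        return True


if __name__ == "__main__":
    p = build_demo()
    sha = p.submit("alice", "blue", PE_SAMPLE)
    print(sorted(p.submissions[sha].tags), p.search("alice", text="DOS mode"))
```

The two triggers form an execution sequence: typing runs on every file, and the strings pass runs only on files the first stage tagged as PE, so expensive tools are spent only where an earlier result justifies them. The search scoping shows why group membership has to be checked at query time as well as at submission time.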
Example use cases highlighted by CISA include triaging malware with static and dynamic analysis tools, automatically processing host forensic artifacts like emails and memory images, and conducting performance assessments of various tools on benchmark datasets.
CISA encourages cybersecurity teams to adopt Thorium. Deploying the platform requires a Kubernetes cluster, a block store, and an object store, as well as familiarity with Docker containers. The agency is actively seeking feedback from users to further enhance Thorium’s capabilities.