Blog

Filter: Rules - Clear Filter

Sigma Rule Feed in Valhalla

Nextron Systems has always supported the Sigma project, investing hundreds of work hours into creating and maintaining the community rules shared in the public Sigma rule repository. Apart from the community support, we've created a set of internal detection rules for...

read more

Sigma Scanning with THOR

Our compromise assessment scanner THOR is able to apply Sigma rules during the local Eventlog analysis. This can help any customer that has no central SIEM system or performs a live forensic analysis on a system group that does not report to central monitoring.  By...

read more

Remarks on Products and Services

We constantly improve the quality of our products and services, add features and create new bundles. Follow ups with our customers showed that not all of these changes reach their attention. They are often surprised and excited to hear about these features, free tools...

read more

50 Shades of YARA

A long time ago I've noticed that there is no single best YARA rule for a given sample, but different best solutions depending on the user's requirements and use case. I noticed that I often create 2 to 3 YARA rules for a single sample that I process, while each of...

read more

YARA Rule Sets and Rule Feed

As previously announced our YARA rule packs and feeds will be available in March/April 2019. We've put a lot of effort into a internal system named "Mjolnir" that parses, normalizes, filters, tags and automatically modifies our rule base, which contains more than 9000...

read more

SPARK uses Sigma Rules in Eventlog Scan

Sigma is a rule format for threat detection in log files. It is for log data what "Snort rules" are for network traffic or "YARA signatures" are for file data. It is easy to write and read. Writing a Sigma rule is a matter of minutes. On the right you can see a simple...

read more

YARA Rule Creation Crackme

I’ve collected some interesting samples for an internal YARA rule creation training session with our interns. With this blog post, I'll also share 3 new premium feed YARA rules by pushing them to the Open Source signature-base repo. What are the the preliminary...

read more

How to Write Sigma Rules

Sigma is an open standard for rules that allow you to describe searches on log data in generic form. These rules can be converted and applied to many log management or SIEM systems and can even be used with grep on the command line. In this article I'd like to give...

read more

YARA Rules to Detect Uncommon System File Sizes

YARA is an awesome tool especially for incident responders and forensic investigators. In my scanners I use YARA for anomaly detection on files. I already created some articles on "Detecting System File Anomalies with YARA" which focus on the expected contents of...

read more
GDPR Cookie Consent with Real Cookie Banner