Today, CISA, in partnership with Sandia National Laboratories, announced the public availability of Thorium, a scalable and distributed platform for automated file analysis and result aggregation. Thorium enhances cybersecurity teams’ capabilities by automating analysis workflows through seamless integration of commercial, open-source, and custom tools. It supports various mission functions, including software analysis, digital forensics, and incident response, allowing analysts to efficiently assess complex malware threats.
Thorium enables teams that frequently analyze files to achieve scalable automation and results indexing within a unified platform. Analysts can integrate command-line tools as Docker images, filter results using tags and full-text search, and manage access with strict group-based permissions.
Designed to scale with hardware using Kubernetes and ScyllaDB, Thorium can ingest over 10 million files per hour per permission group while maintaining rapid query performance. It also allows users to define event triggers and tool execution sequences, control the platform via RESTful API, and aggregate outputs for further analysis or integration with downstream processes.
CISA encourages cybersecurity teams to use Thorium and provide feedback to enhance its capabilities. For more information on Thorium and how it can improve your cybersecurity operations, see CISA’s Thorium resource webpage.
Today, CISA, in partnership with Sandia National Laboratories, announced the public availability of Thorium, a scalable and distributed platform for automated file analysis and result aggregation. Thorium enhances cybersecurity teams’ capabilities by automating analysis workflows through seamless integration of commercial, open-source, and custom tools. It supports various mission functions, including software analysis, digital forensics, and incident response, allowing analysts to efficiently assess complex malware threats.
Thorium enables teams that frequently analyze files to achieve scalable automation and results indexing within a unified platform. Analysts can integrate command-line tools as Docker images, filter results using tags and full-text search, and manage access with strict group-based permissions.
Designed to scale with hardware using Kubernetes and ScyllaDB, Thorium can ingest over 10 million files per hour per permission group while maintaining rapid query performance. It also allows users to define event triggers and tool execution sequences, control the platform via RESTful API, and aggregate outputs for further analysis or integration with downstream processes.
CISA encourages cybersecurity teams to use Thorium and provide feedback to enhance its capabilities. For more information on Thorium and how it can improve your cybersecurity operations, see CISA’s Thorium resource webpage.
Leave A Reply