Type | Description |
---|---|
Change | Made YARA more robust - YARA rules will now compile even if there is a duplicate identifier |
Change | Made Sigma more robust - Sigma rules will now compile even if a rule is corrupt |
Change | Removed challenge-response for trial licenses that are host-based |
Change | Updated file types that will trigger a warning if cloaked |
Type | Description |
---|---|
Change | Reverting case-insensitive filename IOC checking |
Docs | New manual (fixed broken references) |
Type | Description |
---|---|
Change | Crash reports are not truncated anymore |
Bugfix | Improved stability of ScheduledTasks module |
Type | Description |
---|---|
Change | Improved Sigma initialization |
Change | Improved THOR Lite initialization |
Type | Description |
---|---|
Feature | THOR Lite (replaces SPARK Core) |
Type | Description |
---|---|
Change | Add https:// protocol to '--bifrost2Server' if missing |
Type | Description |
---|---|
Feature | New flag '--bifrost2Ignore <pattern>' to specify ignore patterns for Bifrost 2 |
Type | Description |
---|---|
Change | Wordings in '--help' section |
Bugfix | Fixed THOR crash when scanning corrupt EVTX file |
Type | Description |
---|---|
Feature | New flags '--ca <path>' and '--insecure' for tls host verification |
Feature | HTTP proxy support for Bifrost 2 and license generation with ASGARD |
Type | Description |
---|---|
Feature | THOR Remote for Windows |
Feature | Bifrost 2 |
Feature | Sigma value modifiers (contains, base64, re, ...) |
Bugfix | Fixed file descriptor leak in PE imphash calculation |
Bugfix | Fixed "has admin rights" output when running with different EUID |
Bugfix | Wrong eventtime in WER module output |