The Cybersecurity and Infrastructure Security Agency (CISA), working alongside Sandia National Laboratories, has announced that Thorium is now available for public use. This platform is designed to help cybersecurity teams automate file analysis and improve the efficiency of their threat detection workflows.
Scalable Solution for Modern Cybersecurity Challenges
Thorium is a distributed platform that brings together various tools, whether commercial, open-source, or custom, into a single environment. Built on Kubernetes and ScyllaDB, it can process over 10 million files per hour per permission group, allowing teams to analyze large amounts of data quickly. Its architecture supports rapid querying and results indexing, making it easier to handle complex malware investigations and digital forensics.
The platform enables analysts to set up automated workflows with event triggers and sequences of tool executions. Results can be filtered using tags or full-text search, and access is managed through strict group-based permissions to ensure security and control.
Flexible Integration and Control
Thorium offers a RESTful API that allows users to manage workflows, aggregate outputs, and integrate with other systems or downstream processes. Command-line tools can be incorporated as Docker images, providing additional flexibility for automation and customization.
CISA encourages cybersecurity teams to adopt Thorium and share their feedback, which helps improve the platform’s capabilities and better support threat analysis efforts.
For more information, visit Thorium’s GitHub repo or CISA’s official announcement post.