A1000

Investigation & Hunting

The A1000 provides advanced hunting and investigations through the TitaniumCore high-speed automated static analysis engine, and integrates with file reputation services to provide in-depth rich context and threat classification on over 10 billion files across all supported file types. It supports visualization, APIs for automated workflows, global and local YARA Rules matching, and integration with third-party sandbox tools.

Download Datasheet
Investigation & Hunting
A1000 - High-Priority Classification Driving Down MTTR

High-Priority Classification Driving Down MTTR

  • Analysis Engine performs high-speed, static analysis to unpack files, extract internal indicators and assign a threat level
  • Integrated with file reputation services to provide in-depth rich context and threat classification on over 10 billion files and across all file types
  • Visualization GUI for quickly viewing classification, threat level and understanding functional similarity and metadata indicators

 

A1000 - Advanced Search for Analysis and Triage

Advanced Search for Analysis and Triage

  • Build powerful queries with search modifiers and operators with up to 500+ unique search expressions
  • Perform targeted queries on large sample datasets, search by hash, imphash, file name, #tags and more
  • Enables pivots on functional similarity and threat indicators to obtain complete insights into threats
Retro Hunting for Threat Intel and Hunter Teams

Retro Hunting for Threat Intel and Hunter Teams

  • Securely store files with all context in the onboard database for future collaborative search, analysis, hunting and development of local threat intelligence.
  • Use multiple YARA rulesets (ReversingLabs supplied or custom YARA rules) to traverse large historical sample sets quickly in order to greatly enhance detection and reduce impact from breaches and targeted campaigns.
  • For more efficient hunting, subscribe up to to six unique Alerts that include YARA ruleset match, classification change and more.
Overview

The A1000 Malware Analysis Platform supports advanced hunting and investigations through the TitaniumCore high-speed automated static analysis engine. It is integrated with file reputation services to provide in-depth rich context and threat classification on over 10 billion files and across all file types. The A1000 supports visualization, APIs for integration with automated workflows, a dedicated database for malware search, global and local YARA Rules matching, as well as integration with 3rd party sandbox tools.

A1000 Malware Analysis and Hunting

The A1000 accelerates analysis for users at different levels from the helpdesk to an 'analyst workbench’ for deeper analysis. It assesses malware and malware status changes as malware families morph over time via obfuscation and other techniques. Integration with TitaniumCloud enables users to search across 10 billion goodware and malware files and to privately upload files samples for analysis.

Features

Integrated Malware Analysis & Investigation

  • Analysis Engine performs high-speed, static analysis to unpack files, extract internal indicators and assign a threat level
  • Integrated database enables safe, secure storage of results and to search samples by threat indicators
  • Visualization GUI for quickly understanding critical info

Automated Static File Analysis

  • Processes files within milliseconds
  • Evaluates functional similarity to known malware
  • Build and deploy custom YARA rules
  • Identifies more than 3600 file formats
  • Unpacks over 360 file formats of archives, installers, packers & compressors
  • Extracts over 3000 threat indicators

Private Content Repository

  • Provides safe storage of malicious/suspicious files
  • Stores file context in an onboard searchable database
  • Enables private, safe sample sharing & historical analysis

Extensive Search & Hunting

  • Search by hash, imphash, file name, #tags and more
  • Enables pivots on functional similarity and threat indicators
  • Supports user-defined YARA Rules for matching and hunting

Alerting Subscription and Management

  • Easy to subscribe to the following alerts: Classification change, Sample availability, YARA Ruleset match, Cuckoo Analysis complete, File Upload complete, TitaniumCloud scan complete

Customer Option: Advanced Search

  • Build powerful queries with search modifiers and operators
  • Select from hundreds of expressions and dozens of keywords
  • Identify files according to antivirus detections
  • Perform targeted queries on large sample datasets

Customer Option: Active YARA & Retro-YARA Rules

  • Users can hunt through 90 days of data history
  • Real-time updates are provided with full results in < 2hrs
  • Progress is reported via API or GUI for real-time updates

Integrated with TitaniumCloud File Reputation Services

  • Access to a comprehensive, curated source of threat intelligence and reputation data on 8 billion Goodware and Malware for global context
  • Enables upload/download samples via GUI
  • Supports YARA Rules Search

Supports Integration

  • Supports automated analysis workflows via REST Web Services API
  • Integrates directly with Cuckoo and Joe Sandbox
  • Delivered as hardware, VMDK or Cloud-based appliance