Nextron Systems

Nextron Systems is the global leader in compromise assessment software for cyber security. It helps cyber security analytics teams detect and analyze hackers and malicious activity on various operating systems, such as Microsoft Windows, Linux, and macOS. Its products include THOR, a scanner that automates compromise assessments and forensic analysis by using thousands of patterns, YARA, and Sigma rules to preprocess forensic images and highlight suspicious elements. It also offers ASGARD, a management center that controls and monitors THOR scans, and VALHALLA, a feed of high-quality threat intelligence that provides handcrafted detections with zero false-positive rates. Nextron Systems was founded in 2017 by BSK Consulting GmbH and HvS Consulting AG, and has offices in Germany and the USA. It serves over 300 customers worldwide, including Fortune Global 500 companies, government agencies, and NGOs.

THOR APT Scanner

Nextron THOR APT Scanner is a portable compromise assessment scanner that detects and analyzes hackers and malicious activity on Windows systems. It features advanced IOC and YARA scanning with thousands of signatures, rules, and IOCs, as well as various deployment and reporting options. It also supports custom indicators and signatures and ensures system stability by monitoring the resources during the scan.

Nextron Products


Nextron THOR APT Scanner is a compromise assessment tool that helps detect and analyze hackers and malicious activity on Windows systems. It uses more than 17,000 handcrafted YARA signatures, 400 Sigma rules, thousands of IOCs, rootkits, and anomaly checks to preprocess forensic images and highlight suspicious elements. It can detect backdoors, tools, outputs, temporary files, system configuration changes, and other traces of malicious activity that the Antivirus misses. It can be deployed as a stand-alone scanner, controlled by an ASGARD Management Center, or used as a web service in the form of THOR Thunderstorm. It supports various ways to report findings, such as text logs, SYSLOG messages, HTML reports, Splunk App, or ASGARD Analysis Cockpit. It also allows users to add their own indicators and signatures from threat feeds, investigations, or threat reports. It monitors the system resources during the scan and applies throttling if needed to ensure system stability.

ASGARD Management Center

ASGARD is a management center that provides an incident response platform for Nextron products, such as THOR and SPARK. It allows users to execute enterprise-wide scans, triage, continuous compromise assessments, and complex response playbooks on up to one million endpoints from a single console. It also features agents for Microsoft Windows, Linux, AIX, and MacOS, a rich API for interoperation with other security devices, built-in and custom response playbooks, and quarantine and remote console functions. ASGARD ships as a hardened virtual appliance and can be controlled by a Master ASGARD for multi-tenant architectures. ASGARD also includes an Analysis Cockpit that helps users analyze THOR logs, set baselines, collaborate on cases, integrate with threat intel and sandbox platforms, and generate reports.


Nextron VALHALLA is a YARA and Sigma rule feed that boosts your detection capabilities with the power of thousands of hand-crafted high-quality rules. It offers more than 17,000 quality-tested YARA rules in 8 different categories, such as APT, Hack Tools, Malware, Web Shells, Exploits, Threat Hunting, Anomalies, and Third Parties. It also provides more than 2,900 Sigma rules for security monitoring. VALHALLA provides rich metadata that adds valuable context to each match, such as web references, related threat group campaigns, hashes of samples, and reliability scores. VALHALLA has a smart API that allows you to download the subscribed categories as text or JSON objects and supports presets for well-known products that support YARA scannings, such as FireEye, Tenable, Tanium, CarbonBlack, or Symantec MAA. VALHALLA also has a website and a command line client that allow you to retrieve the rules using a web browser or integrate them into your deployment process. VALHALLA is used in Nextron's scanner THOR and endpoint agent Aurora.


Nextron AURORA is a lightweight and customizable EDR agent based on Sigma, a generic and open signature format for security monitoring. It uses Event Tracing for Windows (ETW) to recreate events that are very similar to the events generated by Microsoft's Sysmon and applies Sigma rules and IOCs to them. AURORA complements the open Sigma standard with "response actions" that allow users to react to a Sigma match, such as blocking, quarantining, collecting, or alerting. AURORA is transparent, fully customizable, minimal in network load and storage costs, completely on-premises, and limited in resource usage. AURORA offers an enterprise and a "Lite" version, which is free of charge. The free version uses only the open-source rule set and lacks comfort features and central management. AURORA is integrated with Nextron's ASGARD Management Center and VALHALLA Rule Feed.

Request Demo & More Information

    This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.