New Kill Chain Report Section *Re-RE....Edit

[pio]

Hey Guys ,

nice to see that something has changed in valkyrie . The new "Kill Chain Report Section" look's very nice ! Still not quite "finished" yet, I believe, but i like it ... !!!  Very useful, additional, information for the experienced user or for those who want it to be ."Severity Rating" could be integrated in Valkyrie Verdicts for Sandboxed Application's (?!) For example, a Alarm-Popup with a final verdict from valkyrie and extra "Severity Rating" indicator . It could be shown as additional information in all Applications who use Comodo's Containment Technology . For files that could not be analyzed completly or correctly , this might be useful too . Maybe it's nessesary to write a kind of "Valkyrie self checking algorithm".  If valkyrie does not find enough indicators to issue a safe or complete analysis, then a rating with regard to the number of found indicators  make sense (As the Severity Rating Indicator already shows for successfully analyzed files) ! And for this case a another hint to wait for the human expert analysis would also be good . But I'm also not sure if there should be anything else between clean or malicious . 

Keep it up ... !!! 

p.s And thank you very much for integrating reporting information Mail's and executed Application Screenshots !!!   

p.s.  yeah ... I noticed that even more details were added to the reports . 64 Pages!Respekt !

[futuretech]

Can you link to a report that has this new feature? Because I'm not seeing this when I uploaded a sample for analysis.

[pio]

Can you link to a report that has this new feature? Because I'm not seeing this when I uploaded a sample for analysis.

of course , sent to me by a mysterious fairy   

"Preview" Kill Chain Report :

https://valkyrie.comodo.com:443/kill/chain/55bfa6aa04a16a892acdb2cc410192ab21e886a3/pdf/report/export

[Melih]

few more links...

these are pdf version....
https://valkyrie.comodo.com/kill/chain/51e5b1e7bf928da55c2654ceefaff3df07a513ef/pdf/report/export
https://valkyrie.comodo.com/kill/chain/51e5b1e7bf928da55c2654ceefaff3df07a513ef/pdf/report/export
https://valkyrie.comodo.com/kill/chain/9c45fca5872329cef99439ae95100bbc19a95d83/pdf/report/export
https://valkyrie.comodo.com/kill/chain/336c36d486b251098dfd6877ea2e4d3cef6482ec/pdf/report/export


Change the pdf/report/export to summary...then you get the interactive version

https://valkyrie.comodo.com/kill/chain/51e5b1e7bf928da55c2654ceefaff3df07a513ef/summary

[pio]

few more links...

Change the pdf/report/export to summary...then you get the interactive version

https://valkyrie.comodo.com/kill/chain/51e5b1e7bf928da55c2654ceefaff3df07a513ef/summary

ok ... , thank you for your information !   

Interactive version looks better !  Very detailed , structured and with a user-friendly interface .

I am looking forward to seeing valkyrie "back" in action !   

[futuretech]

few more links...

these are pdf version....
https://valkyrie.comodo.com/kill/chain/51e5b1e7bf928da55c2654ceefaff3df07a513ef/pdf/report/export
https://valkyrie.comodo.com/kill/chain/51e5b1e7bf928da55c2654ceefaff3df07a513ef/pdf/report/export
https://valkyrie.comodo.com/kill/chain/9c45fca5872329cef99439ae95100bbc19a95d83/pdf/report/export
https://valkyrie.comodo.com/kill/chain/336c36d486b251098dfd6877ea2e4d3cef6482ec/pdf/report/export


Change the pdf/report/export to summary...then you get the interactive version

https://valkyrie.comodo.com/kill/chain/51e5b1e7bf928da55c2654ceefaff3df07a513ef/summary

And I see the kill chain report is available under the valkyrie final verdict when looking at sample summary. Pretty cool feature and I'm sure it will take time for it to be available to more submissions.

https://valkyrie.comodo.com/get_info?sha1=51e5b1e7bf928da55c2654ceefaff3df07a513ef

[Melih]

And I see the kill chain report is available under the valkyrie final verdict when looking at sample summary. Pretty cool feature and I'm sure it will take time for it to be available to more submissions.

https://valkyrie.comodo.com/get_info?sha1=51e5b1e7bf928da55c2654ceefaff3df07a513ef

we are now deploying the infrastructure so that every malware will have a  Kill Chain report.

Also we are thinking about releasing all that data in an XML format so that anyone can write any report or put a new UI to it. What do you think?

[pio]

we are now deploying the infrastructure so that every malware will have a  Kill Chain report.

Also we are thinking about releasing all that data in an XML format so that anyone can write any report or put a new UI to it. What do you think?

Great Idea !!! I'm on board ! Can't wait to do some test's with valkyrie !

[fatih.orhan]

I want to clarify this Kill-Chain report creation: currently, when you login to your account at http://valkyrie.comodo.com, you may choose a Malware sample from your list, and you'll see a button as "Send to Kill Chain Analysis" (http://prnt.sc/f2naz7). This button appears only for malware files.

When you click, the report is being generated automatically in the backend, and takes usually not more than 3-4 minutes. Then you may access the report through the sample's main UI, where you'll see a "Kill Chain Report" button (http://prntscr.com/f2ncrc).

User needs to manually trigger the report generation for now. With next hotfix, we'll start the generation of the report in the backend, as soon as it's marked as malware.

[fatih.orhan]

Hi guys, I previously informed about a hotfix that will automatically create the kill-chain report for malware files. On Saturday, Valkyrie team did a hotfix deployment and now we have this feature. All new detections as malware have kill-chain reports created as well.

The creation may take around 5 minutes, as we're performing extensive dynamic analysis to get all details. So please be patient after you submit a malware sample and wait for kill-chain report.

[pio]

Great News !!! 

I will do a few tests and see how it works !!! 

Best Regards !!!

Pio