Author Topic: Valkyrie Verdict - Cloud based Threat Lab as a Service  (Read 1098 times)

Offline berkerbatur

  • Comodo Staff
  • Newbie
  • *****
  • Posts: 13
Valkyrie Verdict - Cloud based Threat Lab as a Service
« on: April 20, 2018, 09:41:14 PM »
Hello everyone,

Today we are glad and excited to announce the launch of our global Threat Labs as a Service (TLaaS) Valkyrie Verdict (https://verdict.valkyrie.comodo.com/) offering, a cloud-based verdicting service. Valkyrie Verdict provides a simple interface via its API and Web UI to our threat lab’s file analysis, malware kill-chain analysis, domain, URL and IP intelligence capabilities.

The major difference of Valkyrie Verdict with similar products is the ability to provide 100% trusted and verified verdict, as either Safe or Malware for any file within an SLA of 4 hours. Valkyrie Verdict provides %100 visibility of customer’s network in terms of known good or known bad classification.

Following features of this offering are provided via both Verdict Developer’s API and its Web UI:
  • Cloud based file analysis and Kill-Chain service via Valkyrie
  • Human-expert malware analysis
  • Domain, URL and IP intelligence via Reputation System
  • Domain and URL scanning via Deceptive Domain Engine

We have also developed following plugins to integrate Valkyrie Verdict in to your defense in depth:

Please note that Valkyrie Verdict is still in Beta version, and it would be great if you test it and provide your valuable feedback to us!


Valkyrie Verdict Team.

Offline fatih.orhan

  • Global Moderator
  • Comodo Loves me
  • *****
  • Posts: 189
Re: Valkyrie Verdict - Cloud based Threat Lab as a Service
« Reply #1 on: April 20, 2018, 10:33:46 PM »
Congrats Berker, good job.

Offline futuretech

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 3451
Re: Valkyrie Verdict - Cloud based Threat Lab as a Service
« Reply #2 on: April 21, 2018, 10:53:55 AM »
A few issues I noticed, first you get different results when you search by sha1 hash when same hash is in upper case and lower case form e.g.
https://verdict.valkyrie.comodo.com/file/result?s=D5C559F7102B3F914A62314C4A6493B07CED163E
https://verdict.valkyrie.comodo.com/file/result?s=d5c559f7102b3f914a62314c4a6493b07ced163e

2. different results between consumer and verdict e.g.
https://verdict.valkyrie.comodo.com/file/result?s=db6828333b74aa3e1caaa2e36423fe5159d43c2e
https://consumer.valkyrie.comodo.com/get_info?sha1=db6828333b74aa3e1caaa2e36423fe5159d43c2e

3. some URLs are reported as Phishing but Comodo Online Security browser extensions do not block the URL. e.g. https://verdict.valkyrie.comodo.com/url/result?url=https%3A%2F%2Flogin.yahoo.com%2F

4. last analysis date for URLs are not presented even if reputation history have history listed for the URL.
« Last Edit: April 21, 2018, 11:27:18 AM by futuretech »


Offline qmarius

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 3830
  • making simple things complicated
Re: Valkyrie Verdict - Cloud based Threat Lab as a Service
« Reply #4 on: April 23, 2018, 12:29:29 AM »
Any point in not making use of Valkyrie logins in production env?

Offline berkerbatur

  • Comodo Staff
  • Newbie
  • *****
  • Posts: 13
Re: Valkyrie Verdict - Cloud based Threat Lab as a Service
« Reply #5 on: April 23, 2018, 07:48:03 AM »
Hello futuretech,

1. Team is working on upper case - lower case bug. In 2 days, SHA1 search will be totally case in-sensitive.

2. Verdict reflections from original Valkyrie to Valkyrie Verdict and Valkyrie Consumer might take some time which could also be different. Verdict is getting human expert analysis results directly from Valkyrie, but consumer is getting these verdict after they are reflected to FLS.

3. COS might have a whitelist to not accidentally block safe sites. I am going to contact with COS team and resolve the issue whether we have problem in integration or not.

4. Team is working on this, in a week we will also release this.


A few issues I noticed, first you get different results when you search by sha1 hash when same hash is in upper case and lower case form e.g.
https://verdict.valkyrie.comodo.com/file/result?s=D5C559F7102B3F914A62314C4A6493B07CED163E
https://verdict.valkyrie.comodo.com/file/result?s=d5c559f7102b3f914a62314c4a6493b07ced163e

2. different results between consumer and verdict e.g.
https://verdict.valkyrie.comodo.com/file/result?s=db6828333b74aa3e1caaa2e36423fe5159d43c2e
https://consumer.valkyrie.comodo.com/get_info?sha1=db6828333b74aa3e1caaa2e36423fe5159d43c2e

3. some URLs are reported as Phishing but Comodo Online Security browser extensions do not block the URL. e.g. https://verdict.valkyrie.comodo.com/url/result?url=https%3A%2F%2Flogin.yahoo.com%2F

4. last analysis date for URLs are not presented even if reputation history have history listed for the URL.

Offline berkerbatur

  • Comodo Staff
  • Newbie
  • *****
  • Posts: 13
Re: Valkyrie Verdict - Cloud based Threat Lab as a Service
« Reply #6 on: April 23, 2018, 07:50:20 AM »
Hello futuretech,

Team will check new analysis result integrations of both Verdict and Consumer. This specific file appears malware in all 3 platforms now.

Thanks for reporting and giving feedback for Valkyrie.

This time consumer and verdict valkyrie have equal unknown rating:
https://verdict.valkyrie.comodo.com/file/result?s=0fa31bf9e99a0d98c9df06b4c92bf736780c86a3
https://consumer.valkyrie.comodo.com/get_info?sha1=0fa31bf9e99a0d98c9df06b4c92bf736780c86a3

but is rated malware by regular valkyrie:
https://valkyrie.comodo.com/get_info?sha1=0fa31bf9e99a0d98c9df06b4c92bf736780c86a3

Offline berkerbatur

  • Comodo Staff
  • Newbie
  • *****
  • Posts: 13
Re: Valkyrie Verdict - Cloud based Threat Lab as a Service
« Reply #7 on: April 23, 2018, 07:53:57 AM »
Hello qmarius,

Do you mean using original Valkyrie logins in Valkyrie Verdict ? If that's the case, it is planned to keep user, subscription and integrations of Valkyrie Verdict as different services from original Valkyrie. Currently we have integration only on file analysis.

Any point in not making use of Valkyrie logins in production env?
« Last Edit: April 23, 2018, 08:19:05 PM by berkerbatur »

Offline berkerbatur

  • Comodo Staff
  • Newbie
  • *****
  • Posts: 13
Re: Valkyrie Verdict - Cloud based Threat Lab as a Service
« Reply #8 on: April 25, 2018, 10:49:08 AM »
Hello everyone,

A new version for Valkyrie Verdict has been released.
https://verdict.valkyrie.comodo.com


Following bugs have been fixed:
  • Different analysis results for Lowercase - Uppercase hash
  • Correction of FP cases for Deceptive Domain Engine
  • Incorrect verdict field of phishing URL(s) for any Domain


Valkyrie Verdict Team.

Offline pio

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 511
  • I like CIS , Kali Linux , IDA Pro & Fl Studio ;)
Re: Valkyrie Verdict - Cloud based Threat Lab as a Service
« Reply #9 on: May 05, 2018, 03:24:03 PM »
I'm a little late , but that looks very interesting . I will deal with it extensively !

Thank all for the development work done. :-TU
*** Paranoid Bastard since CIS 3.5 ! Independent - NON Profit Malware Analyst ***

Offline fatih.orhan

  • Global Moderator
  • Comodo Loves me
  • *****
  • Posts: 189
Re: Valkyrie Verdict - Cloud based Threat Lab as a Service
« Reply #10 on: May 06, 2018, 12:08:44 AM »
I'm a little late , but that looks very interesting . I will deal with it extensively !

Thank all for the development work done. :-TU

 :-TU

Offline Felipe Oliveira

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 470
  • Brazilian / Medicine Student / Love Technology
Re: Valkyrie Verdict - Cloud based Threat Lab as a Service
« Reply #11 on: May 06, 2018, 11:31:46 AM »
Hello!

I have 2 internet providers, one with 30MB speed and another with 1MB speed. I've never had any problems with valkyrie.comodo.com related to 30MB speed. But related to 1MB speed, yes I have some problems.

When I upload to the valkyrie.comodo.com through the internet of 1MB if the file is above 1 mega always the error, I can only send very small files. This occurs for months.

Now I'm using this verdict.valkyrie.comodo.com that works perfectly with both speeds, I had no problem uploading since I started a few days ago.

Offline berkerbatur

  • Comodo Staff
  • Newbie
  • *****
  • Posts: 13
Re: Valkyrie Verdict - Cloud based Threat Lab as a Service
« Reply #12 on: May 07, 2018, 02:53:48 AM »
Hello pio,

Looking forward to hearing your feedback  :-TU

All comments, findings and requests for Valkyrie Verdict are so valuable for us especially in this Beta phase!

Best  regards,
Berker

I'm a little late , but that looks very interesting . I will deal with it extensively !

Thank all for the development work done. :-TU

Offline berkerbatur

  • Comodo Staff
  • Newbie
  • *****
  • Posts: 13
Re: Valkyrie Verdict - Cloud based Threat Lab as a Service
« Reply #13 on: May 07, 2018, 02:56:13 AM »
Hello Felipe,

Thanks a lot for reporting this problem. Valkyrie team will check this ASAP.

Best regards,
Berker

Hello!

I have 2 internet providers, one with 30MB speed and another with 1MB speed. I've never had any problems with valkyrie.comodo.com related to 30MB speed. But related to 1MB speed, yes I have some problems.

When I upload to the valkyrie.comodo.com through the internet of 1MB if the file is above 1 mega always the error, I can only send very small files. This occurs for months.

Now I'm using this verdict.valkyrie.comodo.com that works perfectly with both speeds, I had no problem uploading since I started a few days ago.

Offline yigido

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 5687
  • COMODO Rocks!
    • Free Comodo Products!
Re: Valkyrie Verdict - Cloud based Threat Lab as a Service
« Reply #14 on: May 08, 2018, 10:04:20 AM »
Love it! Thank you guys  :-TU

I want to inform you about another website's mistake.
Please go there: https://www.comodo.com/home/internet-security/submit.php

I want to submit a host but website gives me warning "Please enter valid url"
See the attached screenshot. Can you please solve it? Thanks
COMODO Cloud Antivirus
Firefox Quantum
Encrypt the web! Use HTTPS Everywhere..
Block spying ads and invisible trackers! Use Privacy Badger..

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek