this is done already with CAMAS. All unknown files are being sent to the cloud where they undergo behaviour analysis. If found suspicious (e.g. suspicious+ or suspicious++) the signature is automatically created.
Although valkyrie is not used to analyze unknown files by CIS, we’ve been told that it is also used to create signatures.
CAMAS is buggy, the files sometimes remain undetected. Also, I often see the files are added automatically when there’s a detection from a known vendor at VT… (even without Suspicious+/Suspicious++ detection)
What makes you think that submitted files to CAMAS are only processed by CAMAS ? There are a number of automated systems, CAMAS is only a part of the filters…Many undetected files by CAMAS are by Advanced Heuristics engines.