August 6, 2025
CISA has publicly released Thorium, an open‑source, scalable platform co‑developed with Sandia National Laboratories. Designed for automated malware and forensic file analysis, Thorium can integrate commercial, open‑source, and custom tools into orchestrated workflows. It processes more than 10 million files per hour per permission group and schedules over 1,700 jobs per second, while providing fast query response and flexible event‑driven automation.
The platform runs analysis tools as Docker containers (and, with additional setup, VM or bare‑metal tools), filters outputs via tags and full‑text search, and enforces strict group‑based access controls. Analysts can manage workflows through a REST API, web UI or command line. Built on Kubernetes and ScyllaDB, Thorium also supports tool import/export for sharing across teams, making it especially useful for malware triage, host forensics, incident response, and large‑scale tool testing.