Thorium is a scalable platform that orchestrates arbitrary docker, VM, and shell tools for large-scale file analysis and data generation.
A scalable file analysis and data generation platform that allows users to easily orchestrate arbitrary docker/vm/shell tools at scale.
Thorium is designed for security analysts and developers who need to automate and scale the analysis of files and repositories using various tools in containerized or bare-metal environments. It facilitates incident response, log analysis, and security automation by providing a unified interface and API to manage, search, and share analysis results across teams.
Thorium currently does not include built-in analysis tools but supports easy integration of external docker/VM/shell tools. It is designed to scale to billions of samples given sufficient compute and storage resources. Single node deployments are intended for testing only and may lack production stability. Thorium does not send telemetry data externally, ensuring privacy. File size support is approximately 50 GiB compressed, with plans to increase this limit.
Deploy Thorium on a Kubernetes cluster for production use
Use block store provider and S3-compatible storage (e.g., CEPH for on-prem)
For single node or laptop deployment, use Minikube following Minithor documentation
Refer to full production deployment documentation at https://cisagov.github.io/thorium/admins/deploy/deploy.html
Follow single node install instructions at https://github.com/cisagov/thorium/blob/main/minithor/README.md