Validin released updates that improve domain and IP summaries on the Search page, a refreshed Projects UI with a context-aware sidebar, and YARA workflow enhancements including new match-table columns, easier deletion and filtering of matches, and visibility into rule activity. YARA-X integration exits beta on December 1st with billing displayed to users and billing beginning January 1st.
Key points
- Search page now shows richer domain/IP summaries including registrar details, registration age, last-seen resolution, current IPs with ASN and geolocation flags, and latest nameservers.
- HTTP/S response context is surfaced directly in summaries with full request URI, response code, content length, page title, and favicon (format and hash), with “View Full HTML” for Enterprise customers.
- Projects UI refreshed with a context-aware sidebar that provides always-relevant information, an instant project snapshot, and quick indicator analysis (distribution, tags, top contributors).
- YARA match table gains five new columns (Match Time, Last Match Time, First Seen, Last Seen, Count) to better distinguish new infrastructure and support dynamic grouping for flexible pivots.
- YARA tab within Projects adds Activity (seven-day sparkline) and First Seen Today columns to surface evolving infrastructure and prioritize emerging threats.
- Analysts can delete YARA matches directly from result tables (single or bulk), and Validin announces YARA-X exiting beta with billing displayed now and charged beginning January 1st.
MITRE Techniques
- None – The article does not reference specific MITRE ATT&CK techniques.
Indicators of Compromise
- [Domains] Domain investigation and Search summaries – no specific domain examples provided in the article
- [IP Addresses] Resolution and current IP context shown in summaries – no specific IP examples provided in the article
- [File Hashes] Favicon hash reported in HTTP/S summary – favicon hash mentioned but no concrete hash values provided
- [Host response metadata] HTTP/S response details used for investigation – examples include full request URI and response code (no specific URIs or codes provided)
Read more: https://www.validin.com/blog/product-update-improved-summaries/