From e8be33f0b5299f2320e0015236b32c3cd2acf0e3 Mon Sep 17 00:00:00 2001 From: redteampanda-ng <31235211+redteampanda-ng@users.noreply.github.com> Date: Thu, 6 Nov 2025 10:48:32 +0100 Subject: [PATCH 1/2] chore: expand on what data is being collected --- usage/diagnostics.rst | 56 ++++++++++++++++++++++++++++++++----------- usage/templates.rst | 3 --- 2 files changed, 42 insertions(+), 17 deletions(-) diff --git a/usage/diagnostics.rst b/usage/diagnostics.rst index 5a6aa93..c57e8ec 100644 --- a/usage/diagnostics.rst +++ b/usage/diagnostics.rst @@ -5,9 +5,9 @@ Diagnostics =========== If THOR does not behave like it should, e.g. using more resources than -you expected, taking more time with the scan as usual or unexpectedly +you expected, taking a prolonged time to finish a scan, or unexpectedly exits with a generic error, you can create a diagnostics pack for our -support to help in troubleshooting the issue. +support to help you troubleshoot the issue. This can be done using THOR Util's diagnostics command. @@ -32,8 +32,11 @@ of the data collection and can be changed using the ``--output`` flag. Get diagnostics of a running THOR scan -------------------------------------- -The generally preferred method of collecting THOR diagnostics is to run THOR Util's -diagnostics command directly when the issue is occurring. +The preferred method of collecting THOR diagnostics is +to run THOR Util's diagnostics command directly when +the issue is occurring. This generally means if you +suspect THOR is stuck during a scan, high memory or +CPU usage by THOR, or anything else during its runtime. .. code:: doscon 
@@ -42,17 +45,42 @@ diagnostics command directly when the issue is occurring. Get diagnostics of a finished THOR scan --------------------------------------- -If the THOR run is already finished, you can also use the diagnostics -command like above with reduced information being collected. - -Another possibility is to use the ``--run`` flag to rerun the last -THOR scan. In addition to conveniently rerunning the scan, THOR -Util can now watch over the THOR process for interrupting signals -from other processes (e.g. anti virus) which greatly helps in -determining if anti virus exclusions for THOR are applied correctly -or not. Using the ``--run`` flag should be the preferred method if -THOR is exiting unexpectedly. +If the THOR run is already finished or stopped unexpectedly, +you can also use the diagnostics command above, with the +biggest downside that only a reduced - and mostly not helpful - +amount of information can be collected. In those cases, you +should use the ``--run`` flag to rerun the last THOR scan. +Using the ``--run`` flag is the preferred method if THOR +is exiting unexpectedly/randomly. .. code:: doscon C:\thor>thor-util.exe diagnostics --run + +What data is being collected +---------------------------- + +The below data is being collected by THOR Util's +diagnostics function: + +- A log of THOR Utils diagnostics run itself +- Go Profiles for CPU, Memory and Go routines, see: https://go.dev/blog/pprof +- THOR's running configuration parameters +- A process list of all running processes on the machine. (this + helps tremendously identifying processes that might disturb + THOR, like an AV/EDR) +- A process dump of the running THOR instance +- The progress state of the running THOR instance +- A dump of the THOR DB +- The latest THOR log + +.. 
hint:: + Critical or personal information may be present in the THOR log, THOR DB dump, + running process list, in the THOR process dump, and in the progress report + (working item details like path information). The profiles may allow insights + on what type of data is being scanned but does not contain any specific pieces + of data. + +The diagnostics pack is only used to debug the issues you are facing with +THOR and will be deleted from our systems once the root cause of your issue +was found. \ No newline at end of file diff --git a/usage/templates.rst b/usage/templates.rst index f4cdc89..c15516c 100644 --- a/usage/templates.rst +++ b/usage/templates.rst @@ -1,6 +1,3 @@ -.. role:: raw-html-m2r(raw) - :format: html - Templates =========================== From f16844cbd06523bb43c7ce37edfdc47f97311fab Mon Sep 17 00:00:00 2001 From: redteampanda-ng <31235211+redteampanda-ng@users.noreply.github.com> Date: Thu, 5 Feb 2026 14:57:08 +0100 Subject: [PATCH 2/2] chore: copyright year --- conf.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf.py b/conf.py index 9e622f8..ccb9490 100644 --- a/conf.py +++ b/conf.py @@ -1,7 +1,7 @@ import os project = 'THOR Util Manual' -copyright = '2025, Nextron Systems GmbH' +copyright = '2026, Nextron Systems GmbH' author = 'Nextron Systems GmbH' version='1.0' extensions = [
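Review bot: In the usage/diagnostics.rst hunk at `@@ -5,9 +5,9`, the reworded list after "e.g." is not parallel: "using more resources", "taking a prolonged time to finish a scan", and then "unexpectedly exits with a generic error". Suggest "or unexpectedly exiting with a generic error" so all three items take the same form. "like it should" could also become "as it should" while this sentence is being touched.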
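Review bot: In the hunk at `@@ -32,8 +32,11`, the added sentence "This generally means if you suspect THOR is stuck during a scan, high memory or CPU usage by THOR, or anything else during its runtime" mixes a clause with bare noun phrases and ends in a catch-all. Suggest wording along the lines of "Use it while THOR appears to be stuck during a scan or shows high memory or CPU usage", and either drop "or anything else during its runtime" or say what it is meant to cover.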
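Review bot: In the hunk at `@@ -42,17 +45,42`, the notice that the THOR log, THOR DB dump, process list, process dump and progress report may contain critical or personal information is marked up as `.. hint::` and sits after the list. A `.. warning::` placed before the first `thor-util.exe diagnostics` command would make sure readers see it before they create and send a pack. The retention sentence ("will be deleted from our systems once the root cause of your issue was found") says nothing about how the pack should be handed to support, which is worth stating given that a process dump is part of it. The rewrite also drops the earlier explanation that ``--run`` lets THOR Util watch the THOR process for interrupting signals from other processes (e.g. anti virus), so the new text no longer says why ``--run`` is the preferred method. Smaller points: "THOR Utils diagnostics run" needs the apostrophe, "The profiles may allow insights ... but does not contain" should read "do not contain", and the file now ends without a trailing newline.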
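Review bot: The usage/templates.rst hunk removes the `.. role:: raw-html-m2r(raw)` definition, which is unrelated to the commit subject ("expand on what data is being collected") and is not mentioned in the message. Please confirm that no `:raw-html-m2r:` usage remains in templates.rst, since any remaining use would then reference an undefined role, and consider moving this cleanup into its own commit.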
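Review bot: In the conf.py hunk, `copyright = '2026, Nextron Systems GmbH'` is still a hard-coded year, so the same chore commit will be needed again next year. If a moving year is acceptable for the manual, consider deriving it at build time, e.g. `import datetime` and `copyright = f"{datetime.date.today().year}, Nextron Systems GmbH"`. The context line `version='1.0'` also lacks the spaces around `=` that the neighbouring assignments use.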