SOC Operations

Bulk IOC Triage

Check dozens of file hashes from an alert batch in seconds instead of clicking through each one by one.

  • Paste hash lists directly from SIEM exports
  • Instantly separate known/cataloged files from the unknown
  • Drop the noise and reduce analyst triage time

Malware Triage

Exclude Known Files

Cross-reference hashes extracted from sandbox detonations or static analysis against NSRL to strip out cataloged OS and software files.

  • Exclude legitimate OS and application files in one pass
  • Cut the catalog noise from large sample sets
  • Focus manual analysis on genuinely novel, un-cataloged samples

Digital Forensics

Evidence Verification

Triage disk image artefacts, check file system hashes, and separate operating-system noise from evidence of interest.

  • Submit large lists of filesystem hashes in bulk
  • Filter known OS and software files in one step
  • Export results as CSV for case files

Threat Hunting

Shrink the Hunt Surface

Rule out cataloged files across your environment’s file hashes so the unknown rises to the top for review.

  • Automate periodic batch checks via the API
  • Correlate the remaining unknowns with endpoint telemetry
  • Build hunting workflows on top of known-file data

Incident Response

Rapid Scoping

During active incidents, narrow the blast radius fast by ruling out cataloged files across all collected artefacts — so the unknown stands out.

  • Check large batches of collected hashes via the bulk API
  • Filter out known OS and software files in one step
  • Export the remaining unknowns into IR reports as CSV

MSSP / MDR

Multi-Tenant Operations

Scale hash reputation across all your managed clients without per-lookup pricing eating into margins.

  • High API rate limits for high-volume use
  • Integrate into your existing managed detection platform
  • Priority support and SLA on Business plans

Security Vendors

Product Enrichment

Add NSRL known-file data to your security product without building and maintaining your own copy of the RDS.

  • Simple REST API to embed lookups in your product
  • Bulk endpoints for high-throughput enrichment
  • Higher bulk size limits on Professional and Business plans

Security Research

Dataset Analysis

Researchers analysing large malware corpora or building detection models can cross-reference sets of hashes at scale.

  • CSV upload for batch dataset queries
  • Export structured results for downstream analysis
  • API integration with Jupyter, Python, and notebooks

Your workflow, your scale

Start free. Scale to enterprise when you’re ready.