VirusTotal
VirusTotal_Rescan
Author: CERT-LDO
License: AGPL-V3
Version: 3.0
Supported observables types:
- hash
Registration required: N/A
Subscription required: N/A
Free subscription: N/A
Third party service: N/A
Description
Use VirusTotal to run new analysis on hash.
Configuration
| key |
API key for Virustotal |
| Default value if not configured |
N/A |
| Type of the configuration item |
string |
| The configuration item can contain multiple values |
False |
| Is required |
True |
| polling_interval |
Define time interval between two requests attempts for the report |
| Default value if not configured |
60 |
| Type of the configuration item |
number |
| The configuration item can contain multiple values |
False |
| Is required |
False |
| highlighted_antivirus |
Add taxonomy if selected AV don't recognize observable |
| Default value if not configured |
N/A |
| Type of the configuration item |
string |
| The configuration item can contain multiple values |
True |
| Is required |
False |
| download_sample |
Download automatically sample as observable when looking for hash |
| Default value if not configured |
N/A |
| Type of the configuration item |
boolean |
| The configuration item can contain multiple values |
False |
| Is required |
False |
| download_sample_if_highlighted |
Download automatically sample as observable if highlighted antivirus didn't recognize |
| Default value if not configured |
N/A |
| Type of the configuration item |
boolean |
| The configuration item can contain multiple values |
False |
| Is required |
False |
Templates samples for TheHive
No template samples to display.
VirusTotal_Scan
Author: CERT-BDF
License: AGPL-V3
Version: 3.0
Supported observables types:
- file
- url
Registration required: N/A
Subscription required: N/A
Free subscription: N/A
Third party service: N/A
Description
Use VirusTotal to scan a file or URL.
Configuration
| key |
API key for Virustotal |
| Default value if not configured |
N/A |
| Type of the configuration item |
string |
| The configuration item can contain multiple values |
False |
| Is required |
True |
| polling_interval |
Define time interval between two requests attempts for the report |
| Default value if not configured |
60 |
| Type of the configuration item |
number |
| The configuration item can contain multiple values |
False |
| Is required |
False |
| highlighted_antivirus |
Add taxonomy if selected AV don't recognize observable |
| Default value if not configured |
N/A |
| Type of the configuration item |
string |
| The configuration item can contain multiple values |
True |
| Is required |
False |
Templates samples for TheHive
No template samples to display.
VirusTotal_GetReport
Author: CERT-BDF
License: AGPL-V3
Version: 3.0
Supported observables types:
- file
- hash
- domain
- fqdn
- ip
- url
Registration required: N/A
Subscription required: N/A
Free subscription: N/A
Third party service: N/A
Description
Get the latest VirusTotal report for a file, hash, domain or an IP address.
Configuration
| key |
API key for Virustotal |
| Default value if not configured |
N/A |
| Type of the configuration item |
string |
| The configuration item can contain multiple values |
False |
| Is required |
True |
| polling_interval |
Define time interval between two requests attempts for the report |
| Default value if not configured |
60 |
| Type of the configuration item |
number |
| The configuration item can contain multiple values |
False |
| Is required |
False |
| rescan_hash_older_than_days |
Rescan hash observable if report is older than selected days |
| Default value if not configured |
30 |
| Type of the configuration item |
number |
| The configuration item can contain multiple values |
False |
| Is required |
False |
| highlighted_antivirus |
Add taxonomy if selected AV don't recognize observable |
| Default value if not configured |
N/A |
| Type of the configuration item |
string |
| The configuration item can contain multiple values |
True |
| Is required |
False |
| download_sample |
Download automatically sample as observable when looking for hash |
| Default value if not configured |
N/A |
| Type of the configuration item |
boolean |
| The configuration item can contain multiple values |
False |
| Is required |
False |
| download_sample_if_highlighted |
Download automatically sample as observable if highlighted antivirus didn't recognize |
| Default value if not configured |
N/A |
| Type of the configuration item |
boolean |
| The configuration item can contain multiple values |
False |
| Is required |
False |
Templates samples for TheHive
No template samples to display.
VirusTotal_DownloadSample
Author: LDO-CERT
License: AGPL-V3
Version: 3.0
Supported observables types:
- hash
Registration required: N/A
Subscription required: N/A
Free subscription: N/A
Third party service: N/A
Description
Use VirusTotal to download the original file for an hash.
Configuration
| key |
API private key for Virustotal |
| Default value if not configured |
N/A |
| Type of the configuration item |
string |
| The configuration item can contain multiple values |
False |
| Is required |
True |
Templates samples for TheHive
No template samples to display.
Last update: November 15, 2021 06:39:13