
VirusTotal

VirusTotal_Rescan

Author: CERT-LDO
License: AGPL-V3
Version: 3.0
Supported observable types:
- hash
Registration required: N/A
Subscription required: N/A
Free subscription: N/A
Third party service: N/A

Description

Use VirusTotal to run a new analysis on a hash.

Configuration

key: API key for VirusTotal
- Default value if not configured: N/A
- Type of the configuration item: string
- The configuration item can contain multiple values: False
- Is required: True

polling_interval: Time interval between two request attempts for the report
- Default value if not configured: 60
- Type of the configuration item: number
- The configuration item can contain multiple values: False
- Is required: False

highlighted_antivirus: Add a taxonomy if the selected AV does not recognize the observable
- Default value if not configured: N/A
- Type of the configuration item: string
- The configuration item can contain multiple values: True
- Is required: False

download_sample: Automatically download the sample as an observable when looking for a hash
- Default value if not configured: N/A
- Type of the configuration item: boolean
- The configuration item can contain multiple values: False
- Is required: False

download_sample_if_highlighted: Automatically download the sample as an observable if the highlighted antivirus did not recognize it
- Default value if not configured: N/A
- Type of the configuration item: boolean
- The configuration item can contain multiple values: False
- Is required: False

Templates samples for TheHive

No template samples to display.

VirusTotal_Scan

Author: CERT-BDF
License: AGPL-V3
Version: 3.0
Supported observable types:
- file
- url
Registration required: N/A
Subscription required: N/A
Free subscription: N/A
Third party service: N/A

Description

Use VirusTotal to scan a file or URL.

Configuration

key: API key for VirusTotal
- Default value if not configured: N/A
- Type of the configuration item: string
- The configuration item can contain multiple values: False
- Is required: True

polling_interval: Time interval between two request attempts for the report
- Default value if not configured: 60
- Type of the configuration item: number
- The configuration item can contain multiple values: False
- Is required: False

highlighted_antivirus: Add a taxonomy if the selected AV does not recognize the observable
- Default value if not configured: N/A
- Type of the configuration item: string
- The configuration item can contain multiple values: True
- Is required: False

Templates samples for TheHive

No template samples to display.

VirusTotal_GetReport

Author: CERT-BDF
License: AGPL-V3
Version: 3.0
Supported observable types:
- file
- hash
- domain
- fqdn
- ip
- url
Registration required: N/A
Subscription required: N/A
Free subscription: N/A
Third party service: N/A

Description

Get the latest VirusTotal report for a file, hash, domain or an IP address.

Configuration

key: API key for VirusTotal
- Default value if not configured: N/A
- Type of the configuration item: string
- The configuration item can contain multiple values: False
- Is required: True

polling_interval: Time interval between two request attempts for the report
- Default value if not configured: 60
- Type of the configuration item: number
- The configuration item can contain multiple values: False
- Is required: False

rescan_hash_older_than_days: Rescan the hash observable if the report is older than the selected number of days
- Default value if not configured: 30
- Type of the configuration item: number
- The configuration item can contain multiple values: False
- Is required: False

highlighted_antivirus: Add a taxonomy if the selected AV does not recognize the observable
- Default value if not configured: N/A
- Type of the configuration item: string
- The configuration item can contain multiple values: True
- Is required: False

download_sample: Automatically download the sample as an observable when looking for a hash
- Default value if not configured: N/A
- Type of the configuration item: boolean
- The configuration item can contain multiple values: False
- Is required: False

download_sample_if_highlighted: Automatically download the sample as an observable if the highlighted antivirus did not recognize it
- Default value if not configured: N/A
- Type of the configuration item: boolean
- The configuration item can contain multiple values: False
- Is required: False

Templates samples for TheHive

No template samples to display.

VirusTotal_DownloadSample

Author: LDO-CERT
License: AGPL-V3
Version: 3.0
Supported observable types:
- hash
Registration required: N/A
Subscription required: N/A
Free subscription: N/A
Third party service: N/A

Description

Use VirusTotal to download the original file for a hash.

Configuration

key: API private key for VirusTotal
- Default value if not configured: N/A
- Type of the configuration item: string
- The configuration item can contain multiple values: False
- Is required: True

Templates samples for TheHive

No template samples to display.


Last update: November 15, 2021 06:39:13