VirusTotal
VirusTotal_Rescan
Author: CERT-LDO
License: AGPL-V3
Version: 3.0
Supported observable types:
- hash
Registration required: N/A
Subscription required: N/A
Free subscription: N/A
Third party service: N/A
Description
Use VirusTotal to run a new analysis on a hash.
Configuration

| Item | Description | Default value if not configured | Type of the configuration item | Can contain multiple values | Is required |
|---|---|---|---|---|---|
| key | API key for VirusTotal | N/A | string | False | True |
| polling_interval | Time interval between two request attempts for the report | 60 | number | False | False |
| highlighted_antivirus | Add a taxonomy if the selected AV does not recognize the observable | N/A | string | True | False |
| download_sample | Automatically download the sample as an observable when looking up a hash | N/A | boolean | False | False |
| download_sample_if_highlighted | Automatically download the sample as an observable if the highlighted antivirus did not recognize it | N/A | boolean | False | False |

Template samples for TheHive
No template samples to display.
VirusTotal_Scan
Author: CERT-BDF
License: AGPL-V3
Version: 3.0
Supported observable types:
- file
- url
Registration required: N/A
Subscription required: N/A
Free subscription: N/A
Third party service: N/A
Description
Use VirusTotal to scan a file or URL.
Configuration

| Item | Description | Default value if not configured | Type of the configuration item | Can contain multiple values | Is required |
|---|---|---|---|---|---|
| key | API key for VirusTotal | N/A | string | False | True |
| polling_interval | Time interval between two request attempts for the report | 60 | number | False | False |
| highlighted_antivirus | Add a taxonomy if the selected AV does not recognize the observable | N/A | string | True | False |

Template samples for TheHive
No template samples to display.
VirusTotal_GetReport
Author: CERT-BDF
License: AGPL-V3
Version: 3.0
Supported observable types:
- file
- hash
- domain
- fqdn
- ip
- url
Registration required: N/A
Subscription required: N/A
Free subscription: N/A
Third party service: N/A
Description
Get the latest VirusTotal report for a file, hash, domain or an IP address.
Configuration

| Item | Description | Default value if not configured | Type of the configuration item | Can contain multiple values | Is required |
|---|---|---|---|---|---|
| key | API key for VirusTotal | N/A | string | False | True |
| polling_interval | Time interval between two request attempts for the report | 60 | number | False | False |
| rescan_hash_older_than_days | Rescan the hash observable if the report is older than the selected number of days | 30 | number | False | False |
| highlighted_antivirus | Add a taxonomy if the selected AV does not recognize the observable | N/A | string | True | False |
| download_sample | Automatically download the sample as an observable when looking up a hash | N/A | boolean | False | False |
| download_sample_if_highlighted | Automatically download the sample as an observable if the highlighted antivirus did not recognize it | N/A | boolean | False | False |

Template samples for TheHive
No template samples to display.
VirusTotal_DownloadSample
Author: LDO-CERT
License: AGPL-V3
Version: 3.0
Supported observable types:
- hash
Registration required: N/A
Subscription required: N/A
Free subscription: N/A
Third party service: N/A
Description
Use VirusTotal to download the original file for a hash.
Configuration

| Item | Description | Default value if not configured | Type of the configuration item | Can contain multiple values | Is required |
|---|---|---|---|---|---|
| key | API private key for VirusTotal | N/A | string | False | True |

Template samples for TheHive
No template samples to display.
Last update: November 15, 2021 06:39:13