VirusTotal
TL;DR
To integrate the VirusTotal API with Query:
- Create your VirusTotal API key in your VirusTotal account.
- Add a VirusTotal connection source in Query with the required connection parameters.
- Test the integration with Test connection link.
- Perform searches for indicators of compromise such as external IP addresses, URLs, file signatures, and domains.
Overview
VirusTotal is a free service that analyzes files and URLs for viruses, worms, trojans and other kinds of malicious content. By integrating with Query, you can:
- Get threat intelligence on indicators of compromise such as IP addresses, URLs, domains and file signatures.
Prerequisites
Make sure you have the following connection parameters to add VirusTotal as a connection source in Query.
- API Key
- Base URL (for example https://www.virustotal.com)
Start by setting up your first federated connection. Click the Connections link, then Add Connection:
VirusTotal API Key
- Create or log in to your account at virustotal.com. Under your profile settings, select API Keys.
- Create your VirusTotal API key, then copy it and/or save it to a secure location.
- Name: the name of the connection as it appears in the Query UI
- Platform Instance: VirusTotal
- API Key: paste the API key from above
- Base URL: false
- Click Test Connection. If no errors are reported, the connection was successful!
- Click Save.
- You will now see that you have one data connection set up for VirusTotal.
NOTE: You may have multiple connections of the same type, each with its own API key or credentials. For example, if you have 5 instances of a data lake, like Splunk, in different regions, you may configure a connection for each of the 5 data lakes.
Test your connection with search
- Click the magnifying glass icon on the left pane.
- In the search box at the top, type or click Domain equals hendersonlandworks.co.nz:
- Note that the above example has only one connection for VirusTotal.
- Results:
If you are receiving results, your first connection is complete!
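As an added example (not Query's or VirusTotal's own code), this is the lookup a connector like the one configured above has to make against the VirusTotal v3 API: the indicator kinds listed in the TL;DR are mapped to their API object paths, the key is sent in the x-apikey header, and the report is reduced to the verdict counts shown in a search result. The report dictionary is constructed sample data, and the Base URL is the one given under Prerequisites.

```python
import base64
import ipaddress
import json
import re
from urllib.request import Request, urlopen

BASE_URL = "https://www.virustotal.com"   # the Base URL connection parameter from this page

# Constructed sample of a v3 domain report (trimmed; the counts are made up, not real analysis data)
CONSTRUCTED_REPORT = {"data": {"type": "domain", "id": "hendersonlandworks.co.nz", "attributes": {
    "last_analysis_stats": {"harmless": 60, "malicious": 2, "suspicious": 1, "undetected": 25, "timeout": 0}}}}


def indicator_path(indicator: str) -> str:
    """Map one IoC to its v3 API object path, for the four indicator kinds this page searches."""
    try:
        ipaddress.ip_address(indicator)
        return f"/api/v3/ip_addresses/{indicator}"
    except ValueError:
        pass
    if re.fullmatch(r"[0-9a-fA-F]{32}|[0-9a-fA-F]{40}|[0-9a-fA-F]{64}", indicator):
        return f"/api/v3/files/{indicator.lower()}"          # MD5, SHA-1 or SHA-256
    if indicator.startswith(("http://", "https://")):
        # VirusTotal identifies a URL object by the unpadded base64url encoding of the URL itself
        url_id = base64.urlsafe_b64encode(indicator.encode()).decode().rstrip("=")
        return f"/api/v3/urls/{url_id}"
    return f"/api/v3/domains/{indicator}"


def build_request(indicator: str, api_key: str, base_url: str = BASE_URL) -> Request:
    """The key travels only in the x-apikey header, so it never ends up in URL or proxy logs."""
    return Request(base_url.rstrip("/") + indicator_path(indicator),
                   headers={"x-apikey": api_key, "accept": "application/json"})


def summarize(report: dict) -> dict:
    """Reduce a v3 object report to the verdict counts an analyst reads off a search result."""
    stats = report["data"]["attributes"].get("last_analysis_stats", {})
    return {"id": report["data"]["id"], "type": report["data"]["type"],
            **{k: stats.get(k, 0) for k in ("malicious", "suspicious", "harmless", "undetected")}}


def lookup(indicator: str, api_key: str, opener=urlopen) -> dict:
    """Live lookup; an HTTP 401 here means the key is wrong, which is what Test Connection catches."""
    with opener(build_request(indicator, api_key)) as resp:
        return summarize(json.load(resp))
```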
Adding a connection in Query
To set up a VirusTotal connection, see the Getting Started section of this guide.
Resources
- VirusTotal API documentation: https://developers.virustotal.com/reference/overview