To integrate Virus Total API with Query:
- Create your VirusTotal API key in your VirusTotal account.
- Add a VirusTotal connection source in Query with the required connection parameters.
- Test the integration with Test connection link.
- Perform searches for indicators of compromise such as external IP addresses, URLS, File signatures, and domains.
VirusTotal is a free service that analyzes files and URLs for viruses, worms, trojans and other kinds of malicious content. By integrating with Query, you can:
- Get threat intelligence on indicators of compromise such as IP addresses, URLs, domains and file signatures.
Make sure you have the following connection parameters to add VirusTotal as a connection source in Query.
- API Key
- Base URL : ex: https://www.virustotal.com
Start by setting up your first federated connection. Click the Connections link, then Add Connection:
- Create or login to virustotal.com. Under your profile settings select API Keys.
- Create your VirusTotal API key and copy the key and/or save it to a secure location.
- Name The name of the connection as it appears in the Query UI
- Platform Instance VirusTotal
- API Key Paste the API key from above
- Base URL false
- Click Test Connection . If no errors were noted, the connection was successful!
- Click Save.
- You will now see you have one data connection setup for VirusTotal.
NOTE: You may have multiple connections of the same type, each with their own API keys or credentials. For example, if you have 5 instances of a data lake, like Splunk, in different regions you may configure a connection for all 5 data lakes.
- Click the magnifing glass icon on the left pane.
- In the search box at the top, type or click Domain equals hendersonlandworks.co.nz:
- Note the above example has only one connection for VirusTotal.
If you are receiving results, your first connection is complete!
To setup VirusTotal connection see the Getting Started section of this guide.
- VirusTotal API documentation : https://developers.virustotal.com/reference/overview
Updated 3 months ago