Virus Total V2
App Vendor: Virus Total
App Category: Data Enrichment & Threat Intelligence
App Version in Orchestrate: 2.0.0
API Version: 2.0.0
Product Version: 2.0.0
About App
The Virus Total V2 app allows security teams to integrate with the Virus Total V2 enterprise application, which provides virus and malware scanning services and IOC lookup.
The Virus Total V2 app in the Orchestrate application can perform the following actions:
Action Name | Description |
---|---|
Get comments for the given Resource | This action can be used to retrieve the comments for the given Resource. |
Upload file for scan | This action can be used to upload a file for scanning. |
Submit a URL for a scan report | This action can be used to submit a URL for a scan report. |
Search a file using a query | This action can be used to search for a file using a query. |
Retrieve network traffic of a file using Hash | This action can be used to retrieve network traffic of a file using Hash. |
Retrieve behaviour of a file using Hash | This action can be used to retrieve the behaviour of a file using Hash. |
Get IP details | This action can be used to retrieve IP details. |
Get Hash details | This action can be used to retrieve Hash details. |
Get URL details | This action can be used to retrieve URL details. |
Get Domain details | This action can be used to retrieve Domain details. |
Fetch File Cluster | This action can be used to retrieve a cluster of all the files uploaded to Virus Total. |
Prerequisites
All the actions configured in the Virus Total V2 app relate to private APIs. A Virus Total V2 enterprise subscription is required to access the private APIs.
Configuration parameters
The following configuration parameters are required for the Virus Total V2 app to communicate with the Virus Total V2 Enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required / Optional | Comments |
---|---|---|---|---|
API Key | Enter the API access token for REST API access. | Password | Required |
Action: Get comments for the given Resource
This action can be used to retrieve the comments for the given Resource.
Input Parameters
Parameter | Description | Field Type | Required / Optional | Comments |
---|---|---|---|---|
Resource | Enter the Resource. | Text | Required |
Action: Upload file for scan
This action can be used to upload a file for scanning.
Input Parameters
Parameter | Description | Field Type | Required / Optional | Comments |
---|---|---|---|---|
File path | Enter the file path in CSOL to be scanned. For example, "/tmp/e0bbea5c-13a4-4000-889b-bc2a653db40d/upload.txt". | Text | Required |
Example Request
[ { "file_path": "/tmp/d1e95f14-8adc-4d6d-a28c-6b55ff7b885b/upload.txt" } ]
Action: Submit a URL for a scan report
This action can be used to submit a URL for a scan report.
Input Parameters
Parameter | Description | Field Type | Required / Optional | Comments |
---|---|---|---|---|
URL | Enter the URL for the scan report. For example, "http[s]://cyware.com/contact". | Text | Required |
Example Request
[ { "url": "http[s]://cyware.com/contact" } ]
Action: Search a file using a query
This action can be used to search for a file using a query.
Input Parameters
Parameter | Description | Field Type | Required / Optional | Comments |
---|---|---|---|---|
query | Enter the query to search for a file. For example, "File Analysis". | Text | Required |
Example Request
[ { "query": "File Analysis" } ]
Action: Retrieve network traffic of a file using Hash
This action can be used to retrieve network traffic of a file using Hash.
Input Parameters
Parameter | Description | Field Type | Required / Optional | Comments |
---|---|---|---|---|
File Hash | Enter the Hash Value. | Text | Required |
Action: Retrieve behaviour of a file using Hash
This action can be used to retrieve the behaviour of a file using Hash.
Input Parameters
Parameter | Description | Field Type | Required / Optional | Comments |
---|---|---|---|---|
Hash | Enter the Hash value. | Text | Required |
Action: Get IP details
This action can be used to retrieve IP details.
Input Parameters
Parameter | Description | Field Type | Required / Optional | Comments |
---|---|---|---|---|
IP address | Enter the IP address to fetch its details. For example, "1.1.1.1". |
Example Request
[ { "ip_address": "1.1.1.1" } ]
Action: Get Hash details
This action can be used to retrieve Hash details.
Input Parameters
Parameter | Description | Field Type | Required / Optional | Comments |
---|---|---|---|---|
Hash | Enter the Hash value to fetch its details. | Text | Required |
Action: Get URL details
This action can be used to retrieve URL details.
Input Parameters
Parameter | Description | Field Type | Required / Optional | Comments |
---|---|---|---|---|
URL | Enter the URL to fetch its details. For example, "http[s]://cyware.com/contact". | Text | Required |
Example Request
[ { "url": "http[s]://cyware.com/contact" } ]
Action: Get Domain details
This action can be used to retrieve Domain details.
Input Parameters
Parameter | Description | Field Type | Required / Optional | Comments |
---|---|---|---|---|
Domain | Enter the Domain to fetch its details. For example, "cyware.com". | Text | Required |
Example Request
[ { "domain": "cyware.com" } ]
Action: Fetch File Cluster
This action can be used to retrieve a cluster of all the files uploaded to Virus Total.
Input Parameters
Parameter | Description | Field Type | Required / Optional | Comments |
---|---|---|---|---|
Date | Enter the date for which to access the clustering details. The date must be in YYYY-MM-DD format. For example, "2020-03-01". | Text | Required |
Example Request
[ { "date": "2020-03-01" } ]