
Cyware Orchestrate

Virus Total V3

App Vendor: Virus Total

Connector Category: Data Enrichment & Threat Intelligence

Connector Version: 1.3.1

API Version: 1.0.0

About App

The VirusTotal v3 app integrates VirusTotal, a service that analyzes suspicious files and URLs and supports real-time detection of viruses, worms, trojans, and other malware. In Orchestrate, this app lets you upload and scan files, submit and scan URLs, retrieve finished scan reports, and comment automatically on URLs and samples, without using the VirusTotal web interface.

The Virus Total V3 app is configured with the Orchestrate application to perform the following actions:

Action Name

Description

Get an Analysis Report

This action obtains details from the analysis report.

Get Domain Details

This action obtains domain details.

Get File Hash Details

This action retrieves the file hash details.

Get IP Address Details

This action retrieves the IP address details.

Get URL Details

This action retrieves the URL details.

Submit a URL for Analysis

This action submits a URL for report analysis.

Upload a File for Scan

This action submits a file for a scan.

Create a Global Search

This action searches the VirusTotal dataset to identify files that match criteria such as antivirus detections, metadata, submission file names, file format structural properties, file size, and more.

Create a Hunting RuleSet

This action creates a hunting ruleset from a given YARA rule.

Get File Feed

This action fetches the file feed.

Get all RetroHunt Jobs

This action fetches all the retro hunt jobs.

Get a URL Feed

This action fetches the URL feed.

Get a Graph by ID

This action retrieves a graph by its unique ID.

Get a Hunting Ruleset by ID

This action retrieves a hunting ruleset by unique ID.

Get a Retrohunt Job by ID

This action retrieves a retro hunt job by ID.

List All Graphs

This action lists all graphs.

List All Hunting Ruleset

This action lists all hunting rulesets.

Update a Hunting Ruleset

This action updates a hunting ruleset.

Get Group Users

This action retrieves the users of a group

Get Group API Usage

This action retrieves the API consumption of a certain group.

Get User API Usage

This action retrieves information about the user's API usage.

Get Users Quota

This action returns a summary of a user's overall quotas.

Generic Action

This action makes a generic request to the VirusTotal API.

Get Paginated Data

This action retrieves the paginated data.

Configuration Parameters

The following configuration parameters are required for the Virus Total API v3 app to communicate with the Virus Total API v3 enterprise application. The parameters are set when you create an instance of the app.

Parameter: API Key
Description: Enter the API key. Example: "0imfnc8mVLWwsAawjYr4Rx-Af50DDqtlx"
Field Type: Text
Required/Optional: Required

Parameter: Verify
Description: Choose whether to verify the server certificate for SSL connections.
Field Type: Boolean
Required/Optional: Optional
Comments: Default value: True

Parameter: Timeout
Description: Enter the timeout value in seconds. Example: 10
Field Type: Integer
Required/Optional: Optional
Comments: Default value: 15

Action: Get an Analysis Report

This action obtains details from the analysis report.

Action Input Parameters

Parameter: Analysis ID
Description: Enter the analysis ID. Example: "bef83dd8-7299-4ac7-8ae5-2b52d691abd6"
Field Type: Text
Required/Optional: Required

Example Request

[
   {
      "analysis_id": "bef83dd8-7299-4ac7-8ae5-2b52d691abd6"
   }
]

Action: Get Domain Details

This action obtains domain details.

Action Input Parameters

Parameter: Domain name
Description: Enter the domain name. Example: "www.abcd.com"
Field Type: Text
Required/Optional: Required

Action: Get File Hash Details

This action retrieves the file hash details.

Action Input Parameters

Parameter: File hash
Description: Enter the file hash.
Field Type: Text
Required/Optional: Required
Comments: Allowed values: sha256, sha1, md5

Action: Get IP Address Details

This action retrieves the IP address details.

Action Input Parameters

Parameter: IP address
Description: Enter the IP address. Example: 8.8.8.8
Field Type: Text
Required/Optional: Required

Action: Get URL Details

This action retrieves the URL details.

Action Input Parameters

Parameter: URL
Description: Enter the URL. Example: "http://www.abcd.com/index.html"
Field Type: Text
Required/Optional: Required

Action: Submit a URL for Analysis

This action submits a URL for report analysis.

Action Input Parameters

Parameter: URL
Description: Enter the URL. Example: "http://www.abcd.com/index.html"
Field Type: Text
Required/Optional: Required

Action: Upload a File for Scan

This action submits a file for a scan.

Action Input Parameters

Parameter: File path
Description: Enter the local file path. Example: "/tmp/fd6cd168-88a1-4357-bd3e-8d824a3a8a2b/example.exe"
Field Type: Text
Required/Optional: Required

Action: Create a Hunting RuleSet

This action creates a hunting ruleset from a given YARA rule.

Action Input Parameters

Parameter: Name
Description: Enter the name of the ruleset. Example: "malicious"
Field Type: Text
Required/Optional: Required

Parameter: Yara rule
Description: Enter the YARA rule. Example:
"""
rule checkKeyword {
    strings:
        $a = "Keyword"
    condition:
        $a and filesize > 0
}
"""
Field Type: Text
Required/Optional: Required

Action: Get the File Feed

This action fetches the file feed.

Action Input Parameters

Parameter: Time
Description: Enter the time in yyyymmddhhmm format. Example: "201912010802"
Field Type: Text
Required/Optional: Required

Action: Get all RetroHunt Jobs

This action fetches all the retro hunt jobs.

Action Input Parameters

This action does not require any input parameter.

Action: Get the URL Feed

This action fetches the URL feed.

Action Input Parameters

Parameter: Time
Description: Enter the time in yyyymmddhhmm format. Example: "201912010802"
Field Type: Text
Required/Optional: Required

Action: Get a Graph by ID

This action retrieves a graph by its unique ID.

Action Input Parameters

Parameter: Unique ID
Description: Enter the unique ID of the graph. Example: "bef83dd8-7299-4ac7-8ae5-2b52d691abd6"
Field Type: Text
Required/Optional: Required

Action: Get a Hunting Ruleset by ID

This action retrieves a hunting ruleset by unique ID.

Action Input Parameters

Parameter: Unique ID
Description: Enter the unique ID associated with the rule. Example: "bef83ab8-72679-4ac7-8aere5"
Field Type: Text
Required/Optional: Required

Action: Get a Retrohunt Job by ID

This action retrieves a retrohunt job by its ID.

Action Input Parameters

Parameter: Unique ID
Description: Enter the unique ID of the retrohunt job. Example: "bef83dd8-7299-4gsysn691abd6"
Field Type: Text
Required/Optional: Required

Example Request

[
   {
      "unique_id": "bef83dd8-7299-4ac7-8ae5-2b52d691abd6"
   }
]

Action: List all Graphs

This action lists all graphs.

Action Input Parameters

This action does not require any input parameter.

Action: List all Hunting Ruleset

This action lists all hunting rulesets.

Action Input Parameters

This action does not require any input parameter.

Action: Update a Hunting Ruleset

This action updates a hunting ruleset.

Action Input Parameters

Parameter: Unique ID
Description: Enter the unique identifier of the hunting ruleset. Example: "bef83dd8-7299-4ac7-8ae5-2b52d691abd6"
Field Type: Text
Required/Optional: Required

Parameter: Rule name
Description: Enter the rule name. Example: "inspect"
Field Type: Text
Required/Optional: Required

Parameter: Yara rule
Description: Enter the YARA rule. Example:
"""
rule checkKeyword {
    strings:
        $a = "Keyword"
    condition:
        $a and filesize > 0
}
"""
Field Type: Text
Required/Optional: Required

Action: Get Group Users

This action retrieves the users of a group.

Action Input Parameters

Parameter: Group ID
Description: Enter the group ID to get the user list.
Field Type: Text
Required/Optional: Required

Action: Get Group API Usage

This action retrieves the API consumption of a certain group.

Note

The maximum time range allowed by this action is 30 days. If a greater range is specified, the action returns an error message as the response.

Action Input Parameters

Parameter: Group ID
Description: Enter the group ID to get the group API usage.
Field Type: Text
Required/Optional: Required

Parameter: Start Date
Description: Enter the start date in the format YYYYMMDD to filter the response.
Field Type: Text
Required/Optional: Optional

Parameter: End Date
Description: Enter the end date in the format YYYYMMDD to filter the response.
Field Type: Text
Required/Optional: Optional

Action: Get Users Quota

This action returns a summary of a user's overall quotas.

Action Input Parameters

Parameter: User ID
Description: Enter the user ID to get the user's quota.
Field Type: Text
Required/Optional: Required

Action: Get User API Usage

This action retrieves information about the user's API usage.

Note

The maximum time range allowed by this action is 30 days. If a greater range is specified, the action returns an error message as the response.

Action Input Parameters

Parameter: User ID
Description: Enter the user ID to get the API usage.
Field Type: Text
Required/Optional: Required

Parameter: Start Date
Description: Enter the start date in the format YYYYMMDD to filter the response.
Field Type: Text
Required/Optional: Optional

Parameter: End Date
Description: Enter the end date in the format YYYYMMDD to filter the response.
Field Type: Text
Required/Optional: Optional
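The 30-day limit noted for Get Group API Usage and Get User API Usage can be enforced in the playbook before the call is made, so a bad range fails locally instead of coming back as an API error. The following is an added Python example, not the connector's own code; the start_date and end_date parameter names and the rule that the span (end minus start, in days) may not exceed 30 are assumptions.

```python
from datetime import date, datetime
from typing import Dict, Optional

# Added example, not part of the Cyware connector. Enforces the documented
# 30-day maximum for the Get Group API Usage / Get User API Usage actions.
MAX_RANGE_DAYS = 30  # limit stated in the connector documentation


def parse_yyyymmdd(value: str) -> date:
    """Parse a Start Date / End Date value in the YYYYMMDD format the action expects."""
    if len(value) != 8 or not value.isdigit():
        raise ValueError(f"expected 8 digits in YYYYMMDD format, got {value!r}")
    return datetime.strptime(value, "%Y%m%d").date()  # also rejects e.g. month 13


def validate_usage_range(start: Optional[str], end: Optional[str]) -> Dict[str, str]:
    """Return the query parameters to send, or raise ValueError.

    Both dates are optional, as on the page. When both are present the span
    (end minus start, in days) must not exceed MAX_RANGE_DAYS; the parameter
    names start_date / end_date are this example's assumption.
    """
    start_d = parse_yyyymmdd(start) if start else None
    end_d = parse_yyyymmdd(end) if end else None
    if start_d and end_d:
        if end_d < start_d:
            raise ValueError(f"end date {end} precedes start date {start}")
        span = (end_d - start_d).days
        if span > MAX_RANGE_DAYS:
            raise ValueError(f"range of {span} days exceeds the {MAX_RANGE_DAYS}-day maximum")
    params: Dict[str, str] = {}
    if start:
        params["start_date"] = start
    if end:
        params["end_date"] = end
    return params
```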

Action: Generic Action

This action is used to make a generic request to the VirusTotal API.

Action Input Parameters

Parameter: Method
Description: Enter the HTTP method to use. Example: GET
Field Type: Text
Required/Optional: Required
Comments: Allowed values: GET, POST, PUT, DELETE

Parameter: Endpoint
Description: Enter the endpoint to use. Example: intelligence/retrohunt_jobs
Field Type: Text
Required/Optional: Required

Parameter: Params
Description: Enter the parameters to use. Example: {'limit': 100}
Field Type: Key Value
Required/Optional: Optional

Parameter: Payload JSON
Description: Enter the payload to use. Example: {"rules": <yara_rules>}
Field Type: Any
Required/Optional: Optional

Action: Get Paginated Data

This action retrieves the paginated data.

Action Input Parameters

Parameter: Next Link
Description: Enter the next page link to retrieve the results from a specific page. Example: https://www.virustotal.com/api/v3/groups/cisecurity/relationships/users?cursor=STEwCi4%3D&limit=10
Field Type: Text
Required/Optional: Required
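Following a Next Link until the last page, as an added Python example that is not the connector's code: it walks the links.next URL that VirusTotal v3 list responses carry, which is the value Get Paginated Data takes, and stops on a repeated cursor or a page cap rather than looping and consuming API quota. The response shape {"data": [...], "links": {"next": ...}} and the constructed three-page stand-in for the API are assumptions.

```python
from typing import Callable, Dict, Iterator, List, Set
from urllib.parse import parse_qs, urlparse

# Added example, not the connector's code. Follows the "links.next" URL that
# VirusTotal v3 list endpoints return (the value Get Paginated Data takes as
# Next Link). Response shape {"data": [...], "links": {"next": ...}} is assumed.
FIRST_PAGE = "https://www.virustotal.com/api/v3/groups/cisecurity/relationships/users?limit=10"

def cursor_of(url: str) -> str:
    return parse_qs(urlparse(url).query).get("cursor", [""])[0]  # '' when absent

def iterate_pages(first_url: str, fetch: Callable[[str], Dict],
                  max_pages: int = 100) -> Iterator[Dict]:
    """Yield every item across pages; fetch(url) returns one decoded page.
    A repeated cursor (server bug or tampered link) or an excessive page count
    raises instead of looping forever and burning API quota."""
    url = first_url
    seen: Set[str] = set()
    for _ in range(max_pages):
        page = fetch(url)
        for item in page.get("data", []):
            yield item
        nxt = page.get("links", {}).get("next")
        if not nxt:
            return                      # last page reached
        cur = cursor_of(nxt)
        if cur in seen:
            raise RuntimeError(f"pagination loop: cursor {cur!r} seen twice")
        seen.add(cur)
        url = nxt
    raise RuntimeError(f"gave up after {max_pages} pages without reaching the end")

# Constructed stand-in for the API so the example runs offline (three pages). A real
# fetch would GET the url with the x-apikey header and the instance's Verify/Timeout.
_PAGE2 = FIRST_PAGE + "&cursor=STEwCi4%3D"
_PAGE3 = FIRST_PAGE + "&cursor=Mjk%3D"
_PAGES: Dict[str, Dict] = {
    FIRST_PAGE: {"data": [{"id": "u1"}, {"id": "u2"}], "links": {"next": _PAGE2}},
    _PAGE2: {"data": [{"id": "u3"}], "links": {"next": _PAGE3}},
    _PAGE3: {"data": [{"id": "u4"}], "links": {}},
}

def fake_fetch(url: str) -> Dict:
    return _PAGES[url]

def collect_ids(first_url: str = FIRST_PAGE,
                fetch: Callable[[str], Dict] = fake_fetch) -> List[str]:
    return [item["id"] for item in iterate_pages(first_url, fetch)]
```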