Virus Total V3
App Vendor: Virus Total
Connector Category: Data Enrichment & Threat Intelligence
Connector Version: 1.3.0
API Version: 1.0.0
About App
The VirusTotal v3 app connects to a service that analyzes suspicious files and URLs and facilitates real-time detection of viruses, worms, trojans, and other malware. In Orchestrate, this app lets you upload and scan files, submit and scan URLs, retrieve finished scan reports, and post comments on URLs and samples automatically, without using the VirusTotal web interface.
The Virus Total V3 app is configured with the Orchestrate application to perform the following actions:
Action Name | Description |
---|---|
Get an Analysis Report | This action obtains details from the analysis report. |
Get Domain Details | This action obtains domain details. |
Get File Hash Details | This action retrieves the file hash details. |
Get IP Address Details | This action retrieves the IP address details. |
Get URL Details | This action retrieves the URL details. |
Submit a URL for Analysis | This action submits a URL for report analysis. |
Upload a File for Scan | This action submits a file for a scan. |
Create a Global Search | This action searches the VirusTotal dataset to identify files that match criteria such as antivirus detections, metadata, submission file names, file format structural properties, file size, and more. |
Create a Hunting RuleSet | This action creates a hunting ruleset from a given YARA rule. |
Get File Feed | This action fetches the file feed. |
Get all RetroHunt Jobs | This action fetches all the retro hunt jobs. |
Get a URL Feed | This action fetches the URL feed. |
Get a Graph by ID | This action retrieves a graph by its unique ID. |
Get a Hunting Ruleset by ID | This action retrieves a hunting ruleset by unique ID. |
Get a Retrohunt Job by ID | This action retrieves a retro hunt job by ID. |
List All Graphs | This action lists all graphs. |
List All Hunting Ruleset | This action lists all hunting rulesets. |
Update a Hunting Ruleset | This action updates a hunting ruleset. |
Get Group Users | This action retrieves the users of a group |
Get Group API Usage | This action retrieves the API consumption of a certain group. |
Get User API Usage | This action retrieves information about the user's API usage. |
Get Users Quota | This action returns a summary of a user's overall quotas. |
Generic Action | This action makes a generic request to the VirusTotal API. |
Get Paginated Data | This action retrieves the paginated data. |
Configuration Parameters
The following configuration parameters are required for the Virus Total API v3 app to communicate with the Virus Total API v3 enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
API Key | Enter the API key. Example: "0imfnc8mVLWwsAawjYr4Rx-Af50DDqtlx" | Text | Required | |
Verify | Choose to perform certificate verification for SSL connections. | Boolean | Optional | Default value: True |
Timeout | Enter the timeout value in seconds. Example: 10 | Integer | Optional | Default value: 15 |
Action: Get an Analysis Report
This action obtains details from the analysis report.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Analysis ID | Enter the analysis ID. Example: "bef83dd8-7299-4ac7-8ae5-2b52d691abd6" | Text | Required |
Example Request
[ { "analysis_id": "bef83dd8-7299-4ac7-8ae5-2b52d691abd6" } ]
Action: Get Domain Details
This action obtains domain details.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Domain name | Enter the domain name. Example: "www.abcd.com" | Text | Required |
Action: Get File Hash Details
This action retrieves the file hash details.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
File hash | Enter the file hash. | Text | Required | Allowed values: |
Action: Get IP Address Details
This action retrieves the IP address details.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
IP address | Enter the IP address. Example: 8.8.8.8 | Text | Required |
Action: Get URL Details
This action retrieves the URL details.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
URL | Enter the URL. Example: "http://www.abcd.com/index.html" | Text | Required |
Action: Submit a URL for Analysis
This action submits a URL for report analysis.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
URL | Enter the URL. Example: "http://www.abcd.com/index.html" | Text | Required |
Action: Upload a File for Scan
This action submits a file for the scan.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
File path | Enter the local file path. Example: "/tmp/fd6cd168-88a1-4357-bd3e-8d824a3a8a2b/example.exe" | Text | Required |
Action: Create a Global Search
This action searches the VirusTotal dataset to identify files that match criteria such as antivirus detections, metadata, submission file names, file format structural properties, file size, and more.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Query | Enter the query. You can search for the hash, IP, URL, and much more. | Text | Required |
Action: Create a Hunting RuleSet
This action creates a hunting ruleset from a given YARA rule.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Name | Enter the name of the ruleset. Example: "malicious" | Text | Required | |
Yara rule | Enter the YARA rule. Example: """ rule checkKeyword { strings: $a = "Keyword" condition: $a and filesize > 0 } """ | Text | Required | |
Action: Get the File Feed
This action fetches the file feed.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Time | Enter the time in yyyymmddhhmm format. Example: "201912010802" | Text | Required |
Action: Get all RetroHunt Jobs
This action fetches all the retro hunt jobs.
Action Input Parameters
This action does not require any input parameter.
Action: Get the URL Feed
This action fetches the URL feed.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Time | Enter the time in yyyymmddhhmm format. Example: "201912010802" | Text | Required |
Action: Get a Graph by ID
This action retrieves a graph by its unique ID.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Unique ID | Enter the unique ID of the graph. Example: "bef83dd8-7299-4ac7-8ae5-2b52d691abd6" | Text | Required |
Action: Get a Hunting Ruleset by ID
This action retrieves a hunting ruleset by unique ID.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Unique ID | Enter the unique ID associated with the rule. Example: "bef83ab8-72679-4ac7-8aere5" | Text | Required |
Action: Get a Retro hunt Job by ID
This action retrieves a retro hunt job by ID.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Unique ID | Enter the unique ID of retro hunt jobs. Example: "bef83dd8-7299-4gsysn691abd6" | Text | Required |
Example Request
[ { "unique_id": "bef83dd8-7299-4ac7-8ae5-2b52d691abd6" } ]
Action: List all Graphs
This action lists all graphs.
Action Input Parameters
This action does not require any input parameter.
Action: List all Hunting Ruleset
This action lists all hunting rulesets.
Action Input Parameters
This action does not require any input parameter.
Action: Update a Hunting Ruleset
This action updates a hunting ruleset.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Unique ID | Enter the unique identifier for the hunting rule set. Example: "bef83dd8-7299-4ac7-8ae5-2b52d691abd6" | Text | Required | |
Rule name | Enter the rule name. Example: "inspect" | Text | Required | |
Yara rule | Enter the YARA rule. Example: """ rule checkKeyword { strings: $a = "Keyword" condition: $a and filesize > 0 } """ | Text | Required | |
Action: Get Group Users
This action retrieves the users of a group.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Group ID | Enter the group ID to get the user list. | Text | Required | |
Action: Get Group API Usage
This action retrieves the API consumption of a certain group.
Note
The maximum range of time allowed by this action is 30 days. If a greater range of time is specified, this action will return an error message as a response.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Group ID | Enter the group ID to get the group API usage. | Text | Required | |
Start Date | Enter the start date in format YYYYMMDD to filter the response. | Text | Optional | |
End Date | Enter the end date in format YYYYMMDD to filter the response. | Text | Optional | |
Action: Get Users Quota
This action returns a summary of a user's overall quotas.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
User ID | Enter the user ID to get the user's quota. | Text | Required | |
Action: Get User API Usage
This action retrieves information about the user's API usage.
Note
The maximum range of time allowed by this action is 30 days. If a greater range of time is specified, this action will return an error message as a response.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
User ID | Enter the user ID to get the API usage. | Text | Required | |
Start Date | Enter the start date in the format YYYYMMDD to filter the response. | Text | Optional | |
End Date | Enter the end date in the format YYYYMMDD to filter the response. | Text | Optional | |
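Both API usage actions above reject a date range longer than 30 days, and the error only comes back after the request has been sent. The following helper, added here as an example and not part of the connector's code, reproduces the check client-side for the Start Date and End Date fields and splits a longer range into windows the actions will accept. The query parameter names `start_date` and `end_date` and the reading of "30 days" as end minus start in calendar days are assumptions.

```python
"""Client-side handling of the 30-day limit on the Group/User API Usage actions.
Added example, not the connector's own code; marked values are assumptions."""
from datetime import date, datetime, timedelta
from typing import Dict, List, Optional, Tuple

MAX_RANGE_DAYS = 30  # limit stated in the action notes


def parse_yyyymmdd(value: str) -> date:
    """Strictly parse the YYYYMMDD form the Start Date / End Date fields expect."""
    if len(value) != 8 or not value.isdigit():
        raise ValueError(f"expected YYYYMMDD, got {value!r}")
    return datetime.strptime(value, "%Y%m%d").date()


def usage_params(start_date: Optional[str] = None,
                 end_date: Optional[str] = None) -> Dict[str, str]:
    """Validate the optional date filters and return the query parameters to send.

    Assumptions: the API accepts `start_date`/`end_date` query parameters, and the
    limit is end minus start in calendar days (30 accepted, 31 rejected).
    """
    params: Dict[str, str] = {}
    if start_date is not None:
        params["start_date"] = parse_yyyymmdd(start_date).strftime("%Y%m%d")
    if end_date is not None:
        params["end_date"] = parse_yyyymmdd(end_date).strftime("%Y%m%d")
    if start_date is not None and end_date is not None:
        span = (parse_yyyymmdd(end_date) - parse_yyyymmdd(start_date)).days
        if span < 0:
            raise ValueError("end date is before start date")
        if span > MAX_RANGE_DAYS:
            raise ValueError(
                f"range of {span} days exceeds the {MAX_RANGE_DAYS}-day maximum")
    return params


def split_range(start_date: str, end_date: str) -> List[Tuple[str, str]]:
    """Split a longer range into consecutive windows, each within the limit.

    A playbook can call the usage action once per window and merge the results
    instead of receiving the error described in the note.
    """
    start, end = parse_yyyymmdd(start_date), parse_yyyymmdd(end_date)
    if end < start:
        raise ValueError("end date is before start date")
    windows: List[Tuple[str, str]] = []
    cursor = start
    while cursor <= end:
        window_end = min(cursor + timedelta(days=MAX_RANGE_DAYS), end)
        windows.append((cursor.strftime("%Y%m%d"), window_end.strftime("%Y%m%d")))
        cursor = window_end + timedelta(days=1)  # next window starts the day after
    return windows


if __name__ == "__main__":
    print(usage_params("20240101", "20240131"))  # accepted: exactly 30 days
    for window in split_range("20240101", "20240315"):  # 74 days -> 3 calls
        print(usage_params(*window))
```

Run `split_range` first whenever the window a playbook wants to report on is not known in advance; each tuple it returns passes `usage_params` unchanged.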
Action: Generic Action
This action is used to make a generic request to the VirusTotal API.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Method | Enter the HTTP method to use. Example: GET | Text | Required | Allowed values: |
Endpoint | Enter the endpoint to use. Example: intelligence/retrohunt_jobs | Text | Required | |
Params | Enter the parameters to use. Example: {'limit': 100} | Key Value | Optional | |
Payload JSON | Enter the payload to use. Example: {"rules": <yara_rules>} | Any | Optional | |
Action: Get Paginated Data
This action retrieves the paginated data.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Next Link | Enter the next page link to retrieve the results from a specific page. Example: https://www.virustotal.com/api/v3/groups/cisecurity/relationships/users?cursor=STEwCi4%3D&limit=10 | Text | Required | |
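The Generic Action and Get Paginated Data actions are the two building blocks the rest of the app is made of: an authenticated request to an endpoint, and following the `links.next` cursor link a response carries. The example below, added here and not the connector's own code, shows both with the public v3 base URL and the `x-apikey` header, and adds the checks a practitioner wants around them: the API key is redacted from anything logged, a next link is only followed if it stays on the VirusTotal host, and a cursor loop or runaway pagination is stopped. The allowed method list, the sample user objects and the fake transport are constructed for the example; the group URL comes from the page's own example.

```python
"""Generic VirusTotal v3 request builder and cursor pagination.
Added example, not the connector's own code; assumptions are marked."""
import json
from typing import Callable, Dict, Iterator, List, Optional
from urllib.parse import urlencode, urljoin, urlparse
from urllib.request import Request

BASE_URL = "https://www.virustotal.com/api/v3/"   # public v3 base URL
API_HOST = urlparse(BASE_URL).netloc
ALLOWED_METHODS = {"GET", "POST", "PATCH", "DELETE"}  # assumed; the page's list is blank


def build_request(api_key: str, method: str, endpoint: str,
                  params: Optional[Dict[str, object]] = None,
                  payload: Optional[object] = None) -> Request:
    """Build (but do not send) a request from the Generic Action's four inputs."""
    method = method.upper()
    if method not in ALLOWED_METHODS:
        raise ValueError(f"unsupported HTTP method: {method}")
    url = urljoin(BASE_URL, endpoint.lstrip("/"))  # endpoint is relative to the base
    if params:
        url += "?" + urlencode(params)
    headers = {"x-apikey": api_key, "accept": "application/json"}
    data = None
    if payload is not None:  # Payload JSON is sent as a JSON body
        data = json.dumps(payload).encode("utf-8")
        headers["content-type"] = "application/json"
    return Request(url, data=data, headers=headers, method=method)


def headers_lower(req: Request) -> Dict[str, str]:
    """urllib capitalises header names; return them lower-cased for inspection."""
    return {k.lower(): v for k, v in req.header_items()}


def describe_request(req: Request) -> str:
    """Log-safe description: the API key is redacted, never echoed into logs."""
    return f"{req.get_method()} {req.full_url} x-apikey=<redacted>"


def iterate_pages(api_key: str, first_url: str,
                  send: Callable[[Request], dict], max_pages: int = 50) -> Iterator[dict]:
    """Yield every object across pages by following links.next.

    Guards: refuse a next link that leaves the VirusTotal host, stop on a
    repeated link (cursor loop), and cap the number of pages fetched.
    """
    url: Optional[str] = first_url
    seen = set()
    pages = 0
    while url is not None:
        if pages >= max_pages:
            raise RuntimeError(f"stopped after {max_pages} pages without reaching the end")
        if urlparse(url).netloc != API_HOST:
            raise ValueError(f"refusing to follow off-host next link: {url}")
        if url in seen:
            raise RuntimeError("pagination loop detected")
        seen.add(url)
        body = send(Request(url, headers={"x-apikey": api_key, "accept": "application/json"}))
        pages += 1
        yield from body.get("data", [])
        url = body.get("links", {}).get("next")  # None on the last page


# Constructed sample responses keyed by URL (not real VirusTotal data).
FIRST_PAGE = "https://www.virustotal.com/api/v3/groups/cisecurity/relationships/users?limit=10"
NEXT_PAGE = ("https://www.virustotal.com/api/v3/groups/cisecurity/relationships/users"
             "?cursor=STEwCi4%3D&limit=10")
SAMPLE_PAGES = {
    FIRST_PAGE: {"data": [{"type": "user", "id": "alice"}, {"type": "user", "id": "bob"}],
                 "meta": {"cursor": "STEwCi4="},
                 "links": {"self": FIRST_PAGE, "next": NEXT_PAGE}},
    NEXT_PAGE: {"data": [{"type": "user", "id": "carol"}],
                "links": {"self": NEXT_PAGE}},
}


def fake_send(req: Request) -> dict:
    """Stand-in transport for offline use: serves the constructed page for the URL."""
    if not headers_lower(req).get("x-apikey"):
        raise RuntimeError("every request must carry the API key")
    return SAMPLE_PAGES[req.full_url]


def collect_group_users(api_key: str, send: Callable[[Request], dict] = fake_send) -> List[str]:
    """Walk the paginated group users relationship and return the user IDs."""
    return [obj["id"] for obj in iterate_pages(api_key, FIRST_PAGE, send)]


if __name__ == "__main__":
    req = build_request("EXAMPLE-KEY", "GET", "intelligence/retrohunt_jobs", {"limit": 100})
    print(describe_request(req))
    print(collect_group_users("EXAMPLE-KEY"))
```

To send for real, replace `fake_send` with a function that does `urllib.request.urlopen(req)` and decodes the JSON body; the guards in `iterate_pages` apply unchanged, and `describe_request` is the only form of the request that should reach a log.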