
Apr 15, 2025
1.2.0
ThreatQ Versions >= 5.19.0
VirusTotal Action Bundle
Overview
The VirusTotal Action submits each FQDN or other supported object in a collection to the VirusTotal API in an individual HTTP request. VirusTotal returns a response for each object containing any information it has about the indicator.
The action can perform the following functions:
- VirusTotal - enriches supported objects with attributes and related objects describing the Indicator of Compromise.
The action is compatible with the following indicator types:
- FQDN
- IP Address
- MD5
- SHA-256
- SHA-1
- URL
The action returns the following enriched indicator objects:
- FQDN
- IP Address
- MD5
- SHA-256
- SHA-1
- URL
Note: This action is intended for use with ThreatQ TDR Orchestrator (TQO). An active TQO license is required for this feature.