The VirusTotal Collections feed allows a user to ingest all IoCs (IP Address, Domains, URLs, and Hashes) and related attributes from one or multiple VirusTotal collections.

The integration provides the following endpoint:

• VirusTotal Collections - GET https://www.virustotal.com/api/v3/collections/ {collection_id}

Based on the response of the collection, the integration will then execute four additional GET requests:

• IP Address - GET https://www.virustotal.com/api/v3/collections/{collection_id}/ip_addresses
• Domains - GET https://www.virustotal.com/api/v3/collections/{collection_id}/domains
• URLs - GET https://www.virustotal.com/api/v3/collections/{collection_id}/urls
• Files - GET https://www.virustotal.com/api/v3/collections/{collection_id}/files