The VirusTotal IOC Stream CDF returns different types of objects (files, URLs, domains, IP addresses) coming from multiple origins. Depending on the origin of the notification there will be different context attributes added to these objects.

The integration provides the following feed:

• VirusTotal IOC Stream - ingests IOCs from the VirusTotal IOC Stream feed and stores them along with selected Context attributes.

The integration ingests following object types:

• Indicators
• Filename
• Fuzzy Hash
• IP Address
• MD5
• SHA-1
• SHA-256
• Malware