
Jun 21, 2023
2.1.2
ThreatQ versions >= 4.43.0
VirusTotal LiveHunt CDF
Overview
The VirusTotal LiveHunt CDF ingests Incident type Events and related indicators from your VirusTotal LiveHunt environment into your ThreatQ platform and enriches them.
ThreatQ recommends using this integration in conjunction with the VirusTotal LiveHunt Operation. The Operation pushes YARA Signatures from ThreatQ to VirusTotal LiveHunt, and the CDF ingests the data related to each signature from VirusTotal LiveHunt back into ThreatQ.
The integration provides the following endpoint:
- VirusTotal LiveHunt - ingests Incident type Events that can be enriched with attributes and related Indicators.
The integration ingests the following system object types:
- Events
- Event Attributes
- Indicators