Skip to main content
All CollectionsTemplatesBasic
VirusTotal IOC Lookup with Summary of Results from OpenAI - Workflow Template
VirusTotal IOC Lookup with Summary of Results from OpenAI - Workflow Template

Used as a nested workflow, receive an IP address, domain or file hash and query VirusTotal and send the details to OpenAI for a summary.

Updated over 10 months ago

This workflow template automates the process of threat intelligence enrichment by querying VirusTotal with an indicator of compromise (IOC), such as an IP address, domain, or file hash. Once the threat data is obtained, it leverages OpenAI's capabilities to summarize the findings, providing a succinct overview ideal for including in alerts or case management systems. This streamlines the threat analysis and response process, making it well-suited for security teams needing rapid context for potential threats.

Take Me to the Template

Use Cases

Threat Intelligence Enrichment

Workflow Breakdown

  1. Receive an IOC from a parent workflow

  2. Find the IOC type and query against VirusTotal

  3. Send the results to OpenAI to provide a short summary that can be included in a message or case

Vendors

Utils, VirusTotal, OpenAI

Workflow Output

If the query to VirusTotal succeeds, a short summary of the VirusTotal information from OpenAI.

Related Articles
Cache VirusTotal Threat Intelligence Findings on an IOC - Workflow Template
VirusTotal Domain Enrichment with Cache - Workflow Template
VirusTotal URL Enrichment with Cache - Workflow Template
VirusTotal File Hash Enrichment with Cache - Workflow Template
VirusTotal IPv4 Address Enrichment with Cache - Workflow Template
Did this answer your question?