This workflow template automates threat intelligence enrichment by querying VirusTotal with an indicator of compromise (IOC), such as an IP address, domain, or file hash. Once the threat data is returned, it sends the findings to OpenAI for a short summary suitable for inclusion in alerts or case management systems. This shortens threat analysis and response, which makes the template well suited to security teams that need rapid context on a potential threat.
Use Cases
Threat Intelligence Enrichment
Workflow Breakdown
Receive an IOC from a parent workflow
Determine the IOC type (IP address, domain, or file hash) and query VirusTotal accordingly
Send the results to OpenAI to produce a short summary that can be included in a message or case
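The three steps above, as an added example written for this page (not the template's own actions): classify the IOC, pick the matching VirusTotal v3 object URL, reduce the returned detection statistics to a verdict, and build the OpenAI chat-completions request that asks for the summary. It assumes the VirusTotal v3 REST API (`x-apikey` header, `last_analysis_stats` attribute) and the OpenAI chat completions endpoint; the model name, verdict thresholds, and the sample VirusTotal response are constructed here so the code runs offline.

```python
"""Added example: IOC typing, VirusTotal v3 lookup, and an OpenAI summary prompt.

Illustrative code written for this page, not the template's own logic. Assumes the
VirusTotal v3 REST API and the OpenAI chat completions API; the model name, verdict
thresholds and the sample response below are constructed assumptions.
"""
import ipaddress
import json
import re
import urllib.request

VT_BASE = "https://www.virustotal.com/api/v3"
# MD5 / SHA-1 / SHA-256 hex digests
HASH_RE = re.compile(r"^[0-9a-fA-F]{32}$|^[0-9a-fA-F]{40}$|^[0-9a-fA-F]{64}$")
# Hostname: labels of 1-63 chars, no leading/trailing hyphen, at least one dot
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))+$")


def classify_ioc(ioc: str) -> str:
    """Return the VirusTotal object type for an indicator: ip_address, domain or file."""
    ioc = ioc.strip()
    try:
        ipaddress.ip_address(ioc)          # accepts IPv4 and IPv6
        return "ip_address"
    except ValueError:
        pass
    if HASH_RE.match(ioc):
        return "file"
    if DOMAIN_RE.match(ioc):
        return "domain"
    raise ValueError(f"unsupported IOC format: {ioc!r}")


def vt_endpoint(ioc: str) -> str:
    """Map an IOC to its VirusTotal v3 object URL (ip_addresses, domains or files collection)."""
    collection = {"ip_address": "ip_addresses", "domain": "domains", "file": "files"}[classify_ioc(ioc)]
    return f"{VT_BASE}/{collection}/{ioc.strip()}"


def query_virustotal(ioc: str, api_key: str, timeout: int = 15) -> dict:
    """Fetch the VirusTotal object for an IOC (network call; not exercised offline)."""
    req = urllib.request.Request(vt_endpoint(ioc), headers={"x-apikey": api_key})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


def summarise_stats(vt_response: dict) -> dict:
    """Reduce a VT object to engine counts plus a coarse verdict (thresholds are assumptions)."""
    stats = vt_response["data"]["attributes"].get("last_analysis_stats", {})
    malicious = stats.get("malicious", 0)
    suspicious = stats.get("suspicious", 0)
    total = sum(stats.values())
    if malicious == 0 and suspicious == 0:
        verdict = "clean"
    elif malicious < 3:
        verdict = "low-confidence detections"
    else:
        verdict = "likely malicious"
    return {"malicious": malicious, "suspicious": suspicious, "harmless": stats.get("harmless", 0),
            "undetected": stats.get("undetected", 0), "total": total, "verdict": verdict}


def build_summary_prompt(ioc: str, vt_response: dict) -> str:
    """Compose the prompt for OpenAI; only aggregate counts are sent, not the full VT report."""
    s = summarise_stats(vt_response)
    return (f"Summarise for a SOC alert, in two sentences, the VirusTotal result for the "
            f"{classify_ioc(ioc)} {ioc}: {s['malicious']} of {s['total']} engines flagged it "
            f"malicious, {s['suspicious']} suspicious, {s['harmless']} harmless, "
            f"{s['undetected']} undetected. Preliminary verdict: {s['verdict']}.")


def build_openai_request(prompt: str, model: str = "gpt-4o-mini") -> dict:
    """Body for POST https://api.openai.com/v1/chat/completions (model name is an assumption)."""
    return {"model": model,
            "messages": [{"role": "system", "content": "You are a concise threat-intelligence analyst."},
                         {"role": "user", "content": prompt}],
            "temperature": 0.2}


# Constructed VT-style response for offline use; no real lookup is performed.
SAMPLE_IOC = "198.51.100.23"
SAMPLE_VT_RESPONSE = {"data": {"id": SAMPLE_IOC, "type": "ip_address", "attributes": {
    "last_analysis_stats": {"harmless": 60, "malicious": 5, "suspicious": 1,
                            "undetected": 20, "timeout": 0}}}}

if __name__ == "__main__":
    print(vt_endpoint(SAMPLE_IOC))
    print(json.dumps(build_openai_request(build_summary_prompt(SAMPLE_IOC, SAMPLE_VT_RESPONSE)), indent=2))
```

Two design points worth carrying into a real deployment: the indicator is classified before any URL is built, so an unparseable string is rejected instead of being sent to the wrong VirusTotal collection, and the prompt passed to OpenAI contains only the engine counts and the indicator, which keeps the data leaving your environment to the minimum the summary needs.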
Vendors
Utils, VirusTotal, OpenAI
Workflow Output
If the VirusTotal query succeeds, a short summary of the VirusTotal findings, written by OpenAI.