This workflow template facilitates Threat Intelligence Enrichment by automating the scanning of a batch of URLs using VirusTotal. Upon receipt of an array of URLs, it executes a parallel loop to check each URL against VirusTotal's database. If initial results are absent, the URL is submitted for analysis and the workflow waits for the results. It produces a detailed report for each URL that at least one engine flags as malicious or suspicious, and delivers a summary of the entire URL set. This is useful for organizations looking to bolster their cybersecurity posture with prompt and comprehensive URL threat analysis.
Use Cases
Threat Intelligence Enrichment
Workflow Breakdown
Receive an array of URLs from a parent workflow
Loop over each URL in parallel
Query VirusTotal for results. If results are found, collect them.
If results are not found, submit the URL to VirusTotal for analysis and collect the results.
Provide statistics per URL when 1 or more engines report it as malicious or suspicious, and a summary count of all URLs.
Vendors
Utils, VirusTotal
Workflow Output
Output of each URL that is found to be malicious or suspicious and a summary of all URLs in the array by malicious and suspicious count.
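The breakdown and output described above, as an added Python example that is not the template's own implementation. The `StubVT` client with its `lookup` and `submit_and_wait` methods, the sample URLs and stats, the `errors` field, and the reading of the summary as "URLs with at least one malicious / suspicious verdict" are assumptions made for illustration; the `malicious` and `suspicious` keys follow VirusTotal's `last_analysis_stats`.

```python
import base64
from concurrent.futures import ThreadPoolExecutor

def vt_url_id(url):
    # VirusTotal API v3 identifies a URL by its unpadded URL-safe base64 form.
    return base64.urlsafe_b64encode(url.encode()).decode().rstrip("=")

class StubVT:
    """Constructed offline stand-in for a VirusTotal client (hypothetical interface)."""
    def __init__(self, known, after_submit):
        self.known, self.after_submit, self.submitted = known, after_submit, []
    def lookup(self, url):
        # Existing last_analysis_stats, or None when there is no report yet.
        return self.known.get(vt_url_id(url))
    def submit_and_wait(self, url):
        # Stands in for "submit for analysis, then poll until completed".
        self.submitted.append(url)
        return self.after_submit[url]  # KeyError simulates a failed submission

def scan_one(client, url):
    try:
        stats, source = client.lookup(url), "existing"
        if stats is None:
            stats, source = client.submit_and_wait(url), "submitted"
    except Exception as exc:  # one bad URL must not abort the parallel batch
        return {"url": url, "error": repr(exc)}
    return {"url": url, "source": source,
            "malicious": stats.get("malicious", 0),
            "suspicious": stats.get("suspicious", 0)}

def enrich(client, urls, workers=8):
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda u: scan_one(client, u), urls))
    ok = [r for r in results if "error" not in r]
    # Per-URL detail only when at least one engine says malicious or suspicious.
    flagged = [r for r in ok if r["malicious"] + r["suspicious"] >= 1]
    summary = {"total": len(urls), "errors": len(results) - len(ok),
               "malicious": sum(r["malicious"] >= 1 for r in ok),
               "suspicious": sum(r["suspicious"] >= 1 for r in ok)}
    return flagged, summary

# Constructed sample data (reserved .test/.example domains, made-up stats).
URLS = ["http://clean.example/", "http://phish.test/login",
        "http://new.test/a", "http://broken.test/"]
KNOWN = {vt_url_id(URLS[0]): {"malicious": 0, "suspicious": 0, "harmless": 70},
         vt_url_id(URLS[1]): {"malicious": 5, "suspicious": 1, "harmless": 60}}
AFTER_SUBMIT = {URLS[2]: {"malicious": 0, "suspicious": 2, "harmless": 40}}
if __name__ == "__main__":
    print(enrich(StubVT(KNOWN, AFTER_SUBMIT), URLS))
```

A URL whose lookup or submission raises is counted under `errors` instead of being silently treated as clean, so the summary total always reconciles with the input array.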