Skip to main content
All CollectionsTemplatesBasic
Cache VirusTotal Threat Intelligence Findings on an IOC - Workflow Template
Cache VirusTotal Threat Intelligence Findings on an IOC - Workflow Template

Receive an IOC from a parent workflow, check the global variable for previous results, if not, query VirusTotal and save results

Updated over a week ago

This workflow template, "Cache VirusTotal Threat Intelligence Findings on an IOC," is designed to enhance threat intelligence operations by caching intelligence findings. When an Indicator of Compromise (IOC) is submitted, it checks if the IOC has been analyzed within the past 6 hours. If so, the saved data is returned; if not, VirusTotal is queried, and the new threat intelligence is stored globally for future reference, streamlining repetitive lookups and conserving valuable resources.

Take Me to the Template

Optional Triggers

Webhook

Use Cases

Threat Intelligence Enrichment

Workflow Breakdown

  1. Trigger the workflow and provide an IOC

  2. Lookup the Global Variable to see if the IOC has been saved in the past 6 hours

  3. If a Global Variable matches the IOC, return the saved data to the parent workflow

  4. If Global Variable is not found, pull VirusTotal and store the threat intel in the Global Variable

  5. Return the VirusTotal information for the IOC on the exit of the workflow

Vendors

Utils, VirusTotal, Torq

Workflow Output

Result of the IOC information from VirusTotal

Related Articles
Shodan - Domain Enrichment with Cache - Workflow Template
Pangea - Domain Enrichment with Cache - Workflow Template
Recorded Future - URL Enrichment with Cache - Workflow Template
Pangea - File Hash Enrichment with Cache - Workflow Template
Recorded Future - IP Address Enrichment with Cache - Workflow Template
Did this answer your question?