Cache VirusTotal Threat Intelligence Findings on an IOC - Workflow Template

Receive an IOC from a parent workflow and check the global variable for previous results; if none are found, query VirusTotal and save the results

Updated over a week ago

This workflow template, "Cache VirusTotal Threat Intelligence Findings on an IOC," is designed to enhance threat intelligence operations by caching intelligence findings. When an Indicator of Compromise (IOC) is submitted, it checks if the IOC has been analyzed within the past 6 hours. If so, the saved data is returned; if not, VirusTotal is queried, and the new threat intelligence is stored globally for future reference, streamlining repetitive lookups and conserving valuable resources.

Optional Triggers

Webhook

Use Cases

Threat Intelligence Enrichment

Workflow Breakdown

  1. Trigger the workflow and provide an IOC

  2. Look up the Global Variable to see if the IOC has been saved in the past 6 hours

  3. If a Global Variable matches the IOC, return the saved data to the parent workflow

  4. If the Global Variable is not found, query VirusTotal and store the threat intel in the Global Variable

  5. Return the VirusTotal information for the IOC on the exit of the workflow
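
The same cache-aside logic, written out as an added Python example (not part of the template or Torq's own code). The `IocCache` class, the injected `fetch` callable standing in for the VirusTotal step, the in-memory dict standing in for the global variable, and the key normalization are all assumptions made for illustration.

```python
import time
from typing import Callable, Dict, Tuple

CACHE_TTL_SECONDS = 6 * 60 * 60  # the template's 6-hour window


class IocCache:
    """Cache-aside store standing in for the workflow's global variable."""

    def __init__(self, fetch: Callable[[str], dict],
                 clock: Callable[[], float] = time.time,
                 ttl: int = CACHE_TTL_SECONDS):
        self._fetch = fetch      # hypothetical stand-in for the VirusTotal step
        self._clock = clock      # injectable so expiry can be tested offline
        self._ttl = ttl
        self._store: Dict[str, Tuple[float, dict]] = {}

    @staticmethod
    def _key(ioc: str) -> str:
        # Assumption: trim and lowercase so "Evil.Example " and "evil.example"
        # share one entry (valid for domains and hex hashes, not URL paths).
        return ioc.strip().lower()

    def lookup(self, ioc: str) -> Tuple[dict, bool]:
        """Return (findings, served_from_cache) for one IOC."""
        key = self._key(ioc)
        now = self._clock()
        entry = self._store.get(key)
        if entry is not None and now - entry[0] < self._ttl:
            return entry[1], True            # step 3: saved data goes back
        findings = self._fetch(key)          # step 4: query on miss or expiry
        self._store[key] = (now, findings)   # a failed fetch raises, so errors are never cached
        return findings, False               # step 5: return the fresh result


def demo() -> list:
    calls, now = [], [0.0]                   # constructed clock, in seconds

    def fake_fetch(ioc: str) -> dict:        # constructed response, not real VirusTotal output
        calls.append(ioc)
        return {"ioc": ioc, "malicious": 3}

    cache = IocCache(fake_fetch, clock=lambda: now[0])
    hits = [cache.lookup("Evil.Example")[1]]        # first sighting: miss
    now[0] = 5 * 3600
    hits.append(cache.lookup("evil.example ")[1])   # 5 hours old: hit
    now[0] = 6 * 3600
    hits.append(cache.lookup("evil.example")[1])    # exactly 6 hours old: expired
    return [hits, len(calls)]
```

The timestamp is stored with the findings, so a verdict that changed on VirusTotal is picked up at most 6 hours late.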

Vendors

Utils, VirusTotal, Torq

Workflow Output

The VirusTotal information for the IOC
