The Torq workflow template "Cache VirusTotal Threat Intelligence Findings on an IOC" automates threat intelligence enrichment by checking and caching findings for an indicator of compromise (IOC). When triggered, the workflow checks whether the IOC has been analyzed within the past 6 hours, using a Global Variable for quick reference. If it has, the workflow returns the saved data; otherwise, it queries VirusTotal for fresh threat intelligence, then saves and returns the findings. This keeps repeat lookups of the same IOC fast and gives security operations quick access to relevant threat data.

**Use Case**: Threat Intelligence Enrichment

**Output**: VirusTotal IOC Information
Optional Triggers
Webhook
Use Cases
Threat Intelligence Enrichment
Workflow Breakdown
Trigger the workflow and provide an IOC
Look up the Global Variable to see if the IOC has been saved in the past 6 hours
If a Global Variable matches the IOC, return the saved data to the parent workflow
If no matching Global Variable is found, query VirusTotal and store the threat intel in the Global Variable
Return the VirusTotal information for the IOC on the exit of the workflow
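The cache-or-query logic from the breakdown above, as an added Python example that is not Torq's template code. A dict stands in for the Global Variable and an injected `lookup` callable stands in for the VirusTotal step; every function and field name here is an assumption, and the sample IOC and findings are constructed.

```python
import time

TTL_SECONDS = 6 * 60 * 60  # 6-hour freshness window from the workflow description


def cache_key(ioc):
    """Normalize so 'Example[.]COM ' and 'example.com' share one cache entry.
    Assumes case-insensitive IOCs (hashes, domains, IPs), not URLs with paths."""
    return ioc.strip().lower().replace("[.]", ".")


def enrich_ioc(ioc, store, lookup, now=time.time):
    """Return (findings, source), where source is 'cache' or 'virustotal'.

    store  -- dict standing in for the Global Variable (assumption)
    lookup -- callable standing in for the VirusTotal query step (assumption)
    """
    key = cache_key(ioc)
    if not key:
        raise ValueError("empty IOC")
    entry = store.get(key)
    if entry is not None and now() - entry["saved_at"] < TTL_SECONDS:
        return entry["findings"], "cache"
    # Miss or stale entry: query upstream. If lookup raises, nothing is
    # stored, so a transient failure is never served later as a verdict.
    findings = lookup(key)
    store[key] = {"findings": findings, "saved_at": now()}
    return findings, "virustotal"


def demo():
    clock = [1_000_000.0]  # constructed fake clock, in seconds
    calls = []

    def fake_lookup(key):  # constructed stand-in for the VirusTotal step
        calls.append(key)
        return {"ioc": key, "malicious": 3, "query_no": len(calls)}

    store = {}
    first = enrich_ioc("Example[.]COM ", store, fake_lookup, lambda: clock[0])
    clock[0] += 5 * 3600  # 5 h after saving: still fresh
    second = enrich_ioc("example.com", store, fake_lookup, lambda: clock[0])
    clock[0] += 2 * 3600  # 7 h after saving: stale, refreshed upstream
    third = enrich_ioc("example.com", store, fake_lookup, lambda: clock[0])
    return first, second, third, calls


if __name__ == "__main__":
    for result in demo()[:3]:
        print(result)
```

Returning the source alongside the findings lets a parent workflow tell a cached verdict, which may be up to 6 hours old, from a fresh one.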
Vendors
Utils, VirusTotal, Torq
Workflow Output
Result of the IOC information from VirusTotal