VirusTotal Domain Enrichment with Cache - Workflow Template

Nested workflow that will take a Domain as input and query VirusTotal for the domain and return analysis information to the parent workflow.

Updated over 6 months ago

This workflow template provides automatic enrichment for domains using VirusTotal, offering critical threat intelligence insights. It is designed to streamline the process of verifying whether a domain is related to malicious, suspicious, or phishing activities. When initiated, it checks an internal cache for existing analysis data; if none is found, it queries VirusTotal for a fresh analysis. The retrieved data is parsed for any red flags and cached for future reference, optimizing the workflow's efficiency for repeat checks. This template is crucial for security operations, ensuring prompt identification and remediation of threats associated with domains.

Use Cases

Threat Intelligence Enrichment

Workflow Breakdown

  1. Provide a domain and integration information to the nested workflow

  2. Check whether the domain has already been enriched and is in the cache; if it is, return the cached results

  3. Query VirusTotal for the domain analysis

  4. Parse the analysis information for malicious, suspicious, or phishing findings

  5. Return the analysis information to the parent workflow.
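
The steps above follow a cache-aside pattern. The sketch below is an added example, not the template's own implementation: it shows that flow in Python with an in-memory cache. The `fetch` callable, the TTL, the domain normalization and the sample report are assumptions made for illustration; the `last_analysis_stats` and `last_analysis_results` field names are those of a VirusTotal API v3 domain report.

```python
import time

# Constructed sample shaped like a VirusTotal API v3 domain report (not real data).
SAMPLE_REPORT = {"data": {"attributes": {
    "last_analysis_stats": {"harmless": 60, "malicious": 2, "suspicious": 1},
    "last_analysis_results": {
        "EngineA": {"category": "malicious", "result": "phishing"},
        "EngineB": {"category": "malicious", "result": "malware"},
        "EngineC": {"category": "suspicious", "result": "suspicious"},
        "EngineD": {"category": "harmless", "result": "clean"},
    }}}}


def parse_findings(report):
    """Step 4: reduce a report to malicious / suspicious / phishing findings."""
    attrs = report.get("data", {}).get("attributes", {})
    stats = attrs.get("last_analysis_stats", {})
    results = attrs.get("last_analysis_results", {})
    phishing = sorted(engine for engine, verdict in results.items()
                      if (verdict.get("result") or "").lower() == "phishing")
    malicious = stats.get("malicious", 0)
    suspicious = stats.get("suspicious", 0)
    return {"malicious": malicious, "suspicious": suspicious,
            "phishing_engines": phishing,
            "flagged": bool(malicious or suspicious or phishing)}


class DomainEnricher:
    """Cache-aside enrichment; fetch(domain) is a hypothetical callable that
    returns the report dict (in production, the VirusTotal lookup)."""

    def __init__(self, fetch, ttl_seconds=3600, clock=time.time):
        # ttl_seconds is an assumption: the page does not state a cache lifetime.
        self._fetch, self._ttl, self._clock = fetch, ttl_seconds, clock
        self._cache = {}  # normalized domain -> (stored_at, findings)

    def enrich(self, domain):
        # Normalize so "Example.COM." and "example.com" share one cache entry.
        key = domain.strip().lower().rstrip(".")
        now = self._clock()
        hit = self._cache.get(key)
        if hit and now - hit[0] < self._ttl:         # step 2: cache hit
            return dict(hit[1], cache_hit=True)
        findings = parse_findings(self._fetch(key))  # steps 3 and 4
        self._cache[key] = (now, findings)           # cache for repeat checks
        return dict(findings, cache_hit=False)       # step 5
```

Expiring cached verdicts matters for this use case because a domain's reputation can change after the first lookup, so a stale "clean" entry should not be served indefinitely.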

Vendors

Utils, VirusTotal, Torq

Workflow Output

Analysis information from VirusTotal for the domain.
