This workflow template provides automatic enrichment for domains using VirusTotal, offering critical threat intelligence insights. It is designed to streamline the process of verifying whether a domain is related to malicious, suspicious, or phishing activities. When initiated, it checks an internal cache for existing analysis data; if none is found, it queries VirusTotal for a fresh analysis. The retrieved data is parsed for any red flags and cached for future reference, so repeat checks of the same domain do not require a new query. This template is crucial for security operations, ensuring prompt identification and remediation of threats associated with domains.
Use Cases
Threat Intelligence Enrichment
Workflow Breakdown
Provide a domain and integration information to the nested workflow
Check whether the domain has already been enriched and is found in the cache; if found, return the cached results
Query VirusTotal for the domain analysis
Parse the analysis information for malicious, suspicious, or phishing findings
Return the analysis information to the parent workflow.
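The steps above as an added Python example, not Torq's workflow code. The endpoint and response fields are those of the VirusTotal API v3 domain report; the `DomainEnricher` class, the in-memory cache with a TTL, the `flagged` rule and the sample report are assumptions made for illustration.

```python
import json
import time
import urllib.request

VT_URL = "https://www.virustotal.com/api/v3/domains/{}"  # API v3 domain report

def vt_fetch(domain, api_key):
    """Live lookup (network + API key); wire in as lambda d: vt_fetch(d, key)."""
    req = urllib.request.Request(VT_URL.format(domain), headers={"x-apikey": api_key})
    with urllib.request.urlopen(req, timeout=15) as resp:
        return json.load(resp)

def parse_report(report):
    """Reduce a report to malicious / suspicious / phishing findings."""
    attrs = report.get("data", {}).get("attributes", {})
    stats = attrs.get("last_analysis_stats", {})
    results = attrs.get("last_analysis_results", {})
    phishing = sorted(name for name, r in results.items()
                      if (r.get("result") or "").lower() == "phishing")
    mal, sus = stats.get("malicious", 0), stats.get("suspicious", 0)
    return {"malicious": mal, "suspicious": sus, "phishing_engines": phishing,
            "flagged": bool(mal or sus or phishing)}  # "flagged" rule is an assumption

class DomainEnricher:
    """Hypothetical wrapper: in-memory cache with a TTL so old verdicts expire."""
    def __init__(self, fetch, ttl_seconds=86400, clock=time.time):
        self.fetch, self.ttl, self.clock = fetch, ttl_seconds, clock
        self.cache = {}  # normalized domain -> (expiry time, findings)

    def enrich(self, domain):
        key = domain.strip().lower().rstrip(".")  # one cache entry per domain
        hit = self.cache.get(key)
        if hit and hit[0] > self.clock():
            return {**hit[1], "source": "cache"}
        findings = parse_report(self.fetch(key))
        self.cache[key] = (self.clock() + self.ttl, findings)
        return {**findings, "source": "virustotal"}

# Constructed sample shaped like a v3 domain report (engine names are made up).
SAMPLE_REPORT = {"data": {"attributes": {
    "last_analysis_stats": {"harmless": 60, "malicious": 2, "suspicious": 1,
                            "undetected": 10, "timeout": 0},
    "last_analysis_results": {
        "EngineA": {"category": "malicious", "result": "malware"},
        "EngineB": {"category": "malicious", "result": "phishing"},
        "EngineC": {"category": "suspicious", "result": "suspicious"},
        "EngineD": {"category": "harmless", "result": "clean"}}}}}

if __name__ == "__main__":
    enricher = DomainEnricher(lambda d: SAMPLE_REPORT)
    print(enricher.enrich("Example.TEST."))  # first call queries, later calls hit cache
```

The TTL matters because a domain's verdict changes over time: a cached "clean" result that never expires would hide a later detection.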
Vendors
Utils, VirusTotal, Torq
Workflow Output
Analysis information from VirusTotal for the domain.