This Torq workflow template automates the process of URL threat intelligence enrichment using VirusTotal. It accepts a URL as an input, checks for existing analysis results in a cache, and if not present, queries VirusTotal for current details. The workflow parses the VirusTotal analysis for malicious, phishing, and suspicious indicators, and returns this information to the parent workflow. Ideal for teams requiring quick threat context for URLs without manual lookup, enhancing threat detection and security automation.
Use Cases
Threat Intelligence Enrichment
Workflow Breakdown
Provide URL and integration information to the nested workflow
Check if the URL has been enriched and is found in the cache, if found return results.
Query VirusTotal for the URL, if not found submit URL for analysis
Parse the analysis for malicious, phishing and suspicious findings
Return the analysis information to the parent workflow.
Vendors
Utils, VirusTotal, Torq
Workflow Output
Analysis information from VirusTotal for the URL