Skip to main content
All CollectionsTemplatesBasic
VirusTotal File Hash Enrichment with Cache - Workflow Template
VirusTotal File Hash Enrichment with Cache - Workflow Template

Nested workflow that will take a File Hash as input and query VirusTotal for analysis and if the hash is found, return the results.

Updated over 6 months ago

This Torq workflow template offers a nested process to identify and analyze File Hashes utilizing VirusTotal's comprehensive scan results. When provided with a hash, it checks for pre-existing analysis results in a cache. If no cached analysis is present, VirusTotal is queried. The analysis information includes classifications like malicious or suspicious along with detailed threat categories and names. The workflow also facilitates the return of parsed analysis data back to the parent process, enhancing threat intelligence enrichment functions.

Use Cases

Threat Intelligence Enrichment

Workflow Breakdown

  1. Provide File Hash and integration information to the nested workflow

  2. Check if the File Hash has been enriched and is found in the cache, if found return results.

  3. Query VirusTotal for the File Hash

  4. Parse the analysis information for malicious, suspicious, and threat categories and names

  5. Return the analysis information to the parent workflow

Vendors

Utils, VirusTotal, Torq

Workflow Output

Analysis information from VirusTotal for the File Hash.

Did this answer your question?