This Torq workflow template offers a nested process to identify and analyze File Hashes utilizing VirusTotal's comprehensive scan results. When provided with a hash, it checks for pre-existing analysis results in a cache. If no cached analysis is present, VirusTotal is queried. The analysis information includes classifications like malicious or suspicious along with detailed threat categories and names. The workflow also facilitates the return of parsed analysis data back to the parent process, enhancing threat intelligence enrichment functions.
Use Cases
Threat Intelligence Enrichment
Workflow Breakdown
Provide File Hash and integration information to the nested workflow
Check whether the File Hash has already been enriched and is in the cache; if found, return the results.
Query VirusTotal for the File Hash
Parse the analysis information for malicious, suspicious, and threat categories and names
Return the analysis information to the parent workflow
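The cache-then-query-then-parse flow above, sketched in Python as an added example (not Torq's template or its code). `fetch` is a hypothetical stand-in for the VirusTotal lookup, the field names follow the VirusTotal API v3 file report, and the sample report and digest are constructed.

```python
import re

# Constructed sample shaped like a VirusTotal API v3 file report (not real data).
SAMPLE_REPORT = {"data": {"attributes": {
    "last_analysis_stats": {"malicious": 41, "suspicious": 2, "undetected": 25, "harmless": 0},
    "popular_threat_classification": {
        "suggested_threat_label": "trojan.examplefam/generic",
        "popular_threat_category": [{"value": "trojan", "count": 30}, {"value": "dropper", "count": 4}],
        "popular_threat_name": [{"value": "examplefam", "count": 22}],
    },
}}}

HASH_RE = re.compile(r"^(?:[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64})$")  # MD5, SHA-1, SHA-256


def parse_report(report):
    """Reduce a v3 file report to the fields the workflow returns."""
    attrs = (report or {}).get("data", {}).get("attributes", {})
    stats = attrs.get("last_analysis_stats", {})
    # popular_threat_classification is absent when no engine labels the file.
    ptc = attrs.get("popular_threat_classification", {})
    return {
        "found": bool(attrs),
        "malicious": stats.get("malicious", 0),
        "suspicious": stats.get("suspicious", 0),
        "threat_label": ptc.get("suggested_threat_label"),
        "threat_categories": [c["value"] for c in ptc.get("popular_threat_category", [])],
        "threat_names": [n["value"] for n in ptc.get("popular_threat_name", [])],
    }


def enrich_hash(file_hash, cache, fetch):
    """Cache lookup first; query VirusTotal (via fetch) only on a miss."""
    key = file_hash.strip().lower()  # normalise so case variants share one cache entry
    if not HASH_RE.match(key):
        raise ValueError("not an MD5, SHA-1 or SHA-256 hex digest")
    if key in cache:
        return {**cache[key], "source": "cache"}
    result = parse_report(fetch(key))  # assumption: fetch returns None when there is no record
    cache[key] = result
    return {**result, "source": "virustotal"}


if __name__ == "__main__":
    def fake_fetch(h):  # hypothetical stand-in for GET /api/v3/files/{hash}
        return SAMPLE_REPORT
    print(enrich_hash("A" * 64, {}, fake_fetch))  # constructed placeholder digest
```

A production cache would also carry an expiry, since the analysis results for a given hash change as engines update their detections.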
Vendors
Utils, VirusTotal, Torq
Workflow Output
Analysis information from VirusTotal for the File Hash.