VirusTotal IPv4 Address Enrichment with Cache - Workflow Template

A workflow that takes an IPv4 address as input, queries VirusTotal, and returns the analysis information to the parent workflow.


This workflow template facilitates threat intelligence enrichment by analyzing an IPv4 address using VirusTotal. It fetches cached analysis info if available, or queries VirusTotal, parsing results for malicious or suspicious activity and determining if the IP is private. The enriched data is returned for further use.

Use Cases

Threat Intelligence Enrichment

Workflow Breakdown

  1. Provide an IPv4 address and integration information to the nested workflow

  2. Check whether the address has already been enriched and is in the cache; if it is, return the cached results

  3. Query VirusTotal for the IPv4 address

  4. Parse the analysis for malicious or suspicious findings. Check if the address is private.

  5. Return the analysis information to the parent workflow
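
The five steps above, sketched in Python as an added example (this is not the template's own implementation, which is built from Torq workflow steps). Assumptions: the names `enrich_ipv4`, `parse_analysis` and `fetch`, the one-hour cache lifetime, the reading of "private" as RFC 1918 space, and the constructed sample response, which is shaped like a VirusTotal v3 IP address object with its `last_analysis_stats` counters.

```python
import ipaddress
import time

CACHE_TTL_SECONDS = 3600  # assumption: the page does not state a cache lifetime
# Assumption: "private" means RFC 1918 space; the page does not define it.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample, shaped like a VirusTotal v3 IP address object.
SAMPLE_VT_RESPONSE = {"data": {"id": "203.0.113.7", "type": "ip_address", "attributes": {
    "last_analysis_stats": {"harmless": 60, "malicious": 3, "suspicious": 1,
                            "undetected": 20, "timeout": 0}}}}


def parse_analysis(ip, vt_response):
    """Step 4: reduce the raw report to counts and flag private addresses."""
    data = vt_response.get("data") or {}
    stats = (data.get("attributes") or {}).get("last_analysis_stats") or {}
    malicious = int(stats.get("malicious", 0))
    suspicious = int(stats.get("suspicious", 0))
    return {
        "ip": str(ip),
        "is_private": any(ip in net for net in RFC1918),
        "malicious": malicious,
        "suspicious": suspicious,
        "flagged": malicious > 0 or suspicious > 0,
    }


def enrich_ipv4(address, fetch, cache, now=time.time):
    """Steps 1-5: validate input, try the cache, else query, parse, store, return."""
    ip = ipaddress.IPv4Address(address.strip())  # raises ValueError on bad input
    key = str(ip)  # normalised key, so " 1.2.3.4 " and "1.2.3.4" share one entry
    hit = cache.get(key)
    if hit and now() - hit["stored_at"] < CACHE_TTL_SECONDS:
        return {**hit["result"], "from_cache": True}   # step 2: cache hit
    result = parse_analysis(ip, fetch(key))             # steps 3 and 4
    cache[key] = {"stored_at": now(), "result": result}
    return {**result, "from_cache": False}              # step 5


if __name__ == "__main__":
    lookups = []
    def fake_fetch(ip):  # stands in for the VirusTotal integration step
        lookups.append(ip)
        return SAMPLE_VT_RESPONSE
    cache = {}
    print(enrich_ipv4("203.0.113.7", fake_fetch, cache))
    print(enrich_ipv4("203.0.113.7", fake_fetch, cache))
    print("lookups sent:", len(lookups))
```

In a real deployment `fetch` would wrap the VirusTotal integration and `cache` would be a shared store rather than a dict; the time-based expiry keeps a stale verdict from being served indefinitely.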

Vendors

Utils, VirusTotal, Torq

Workflow Output

Analysis information from VirusTotal for the IPv4 Address
