This workflow template facilitates threat intelligence enrichment by analyzing an IPv4 address using VirusTotal. It returns cached analysis information if available; otherwise it queries VirusTotal, parses the results for malicious or suspicious findings, and determines whether the IP is private. The enriched data is returned for further use.
Use Cases
Threat Intelligence Enrichment
Workflow Breakdown
Provide an IPv4 address and integration information to the nested workflow
Check whether the address has already been enriched and is in the cache; if so, return the cached results
Query VirusTotal for the IPv4 address
Parse the analysis for malicious or suspicious findings. Check if the address is private.
Return the analysis information to the parent workflow
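The steps above sketched in Python, as an added example rather than Torq's own workflow code: the function names, the in-memory cache and the sample report are constructed, `fetch` stands in for the VirusTotal query, and the `last_analysis_stats` field is the one found in VirusTotal v3 IP address reports.

```python
import ipaddress

CACHE = {}  # hypothetical in-memory cache: normalised IP -> parsed result

# Constructed sample shaped like a VirusTotal v3 IP address report.
SAMPLE_REPORT = {
    "data": {"attributes": {"last_analysis_stats": {
        "harmless": 60, "malicious": 3, "suspicious": 1, "undetected": 20,
    }}}
}

def parse_analysis(ip, report):
    """Reduce a report to the findings the workflow returns to its parent."""
    stats = report.get("data", {}).get("attributes", {}).get("last_analysis_stats")
    if stats is None:
        # An error body or truncated report must not be read as "clean".
        raise ValueError("report has no last_analysis_stats")
    malicious = int(stats.get("malicious", 0))
    suspicious = int(stats.get("suspicious", 0))
    return {
        "ip": ip,
        "malicious": malicious,
        "suspicious": suspicious,
        "flagged": malicious > 0 or suspicious > 0,
        # Python's is_private covers more than RFC 1918: loopback,
        # link-local and documentation ranges also count as private.
        "is_private": ipaddress.IPv4Address(ip).is_private,
    }

def enrich_ipv4(ip, fetch, cache=CACHE):
    """Cache lookup, then query, then parse. Raises ValueError on bad input."""
    ip = str(ipaddress.IPv4Address(ip.strip()))  # validate and normalise
    if ip in cache:
        return dict(cache[ip], from_cache=True)
    result = parse_analysis(ip, fetch(ip))
    cache[ip] = result  # only successfully parsed results are cached
    return dict(result, from_cache=False)

if __name__ == "__main__":
    fake_fetch = lambda ip: SAMPLE_REPORT  # stand-in for the VirusTotal call
    print(enrich_ipv4("203.0.113.7", fake_fetch))
    print(enrich_ipv4("203.0.113.7", fake_fetch))  # served from cache
```

Results are cached only after a successful parse, so a failed or malformed lookup is retried on the next request instead of being stored as a clean verdict.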
Vendors
Utils, VirusTotal, Torq
Workflow Output
Analysis information from VirusTotal for the IPv4 address