This workflow template enables the submission of a file to VirusTotal for comprehensive analysis, incorporating a caching mechanism to optimize the process. It is designed to enhance threat intelligence by checking if the file's hash is already known and cached; if not, it queries VirusTotal. The results categorize the file as malicious, suspicious, or safe, providing crucial data for incident response and analysis phases.
Use Cases
Threat Intelligence Enrichment
Workflow Breakdown
1. Provide the link to the file and the integration information to the nested workflow.
2. Check whether the hash of the file has already been enriched and is present in the cache; if it is found, return the cached results.
3. Query VirusTotal for the hash of the file; if the hash is not found, submit the file itself for analysis.
4. Parse the analysis information for the malicious and suspicious counts and the threat categories and names.
5. Return the analysis information to the parent workflow.
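The steps above, as an added offline example that is not part of the template and is not Torq's or VirusTotal's own code. It assumes an in-memory dict as the cache keyed by the file's SHA-256, injectable `lookup_hash` and `submit_file` callables standing in for the VirusTotal hash lookup and file submission (so nothing touches the network), and a report shape modelled on the VirusTotal API v3 file object (`last_analysis_stats`, `last_analysis_results`); the sample report itself is constructed. The verdict rule (any malicious engine hit is "malicious", otherwise any suspicious hit is "suspicious", else "safe") is an assumption a deployment would tune.

```python
"""Cached VirusTotal file-enrichment flow (added example, constructed data)."""
import hashlib
from typing import Callable, Dict, Optional

# Constructed sample of a VirusTotal v3 file report's "attributes" block
# (engine names and results are made up for the example).
SAMPLE_VT_ATTRIBUTES: Dict = {
    "last_analysis_stats": {
        "malicious": 3, "suspicious": 1, "undetected": 60, "harmless": 0,
    },
    "last_analysis_results": {
        "EngineA": {"category": "malicious", "result": "Trojan.Generic"},
        "EngineB": {"category": "malicious", "result": "Trojan.Generic"},
        "EngineC": {"category": "malicious", "result": "Win32.Dropper"},
        "EngineD": {"category": "suspicious", "result": "Heur.Packed"},
        "EngineE": {"category": "undetected", "result": None},
    },
}


def sha256_of(data: bytes) -> str:
    """Cache key: the SHA-256 of the file content."""
    return hashlib.sha256(data).hexdigest()


def parse_analysis(attributes: Dict) -> Dict:
    """Step 4: reduce a report to verdict, counts and de-duplicated threat names."""
    stats = attributes.get("last_analysis_stats", {})
    malicious = int(stats.get("malicious", 0))
    suspicious = int(stats.get("suspicious", 0))
    names: Dict[str, set] = {}
    for _engine, res in attributes.get("last_analysis_results", {}).items():
        category = res.get("category")
        if category in ("malicious", "suspicious") and res.get("result"):
            names.setdefault(category, set()).add(res["result"])
    if malicious > 0:
        verdict = "malicious"          # assumption: one hit is enough
    elif suspicious > 0:
        verdict = "suspicious"
    else:
        verdict = "safe"
    return {
        "verdict": verdict,
        "malicious": malicious,
        "suspicious": suspicious,
        "threat_names": {k: sorted(v) for k, v in names.items()},
    }


def enrich_file(
    data: bytes,
    cache: Dict[str, Dict],
    lookup_hash: Callable[[str], Optional[Dict]],
    submit_file: Callable[[bytes], Dict],
) -> Dict:
    """Steps 2, 3 and 5: cache check, hash lookup, upload fallback, return."""
    file_hash = sha256_of(data)
    if file_hash in cache:                       # step 2: already enriched
        return {"sha256": file_hash, "source": "cache", **cache[file_hash]}
    attributes = lookup_hash(file_hash)          # step 3: hash known to VT?
    source = "virustotal-hash"
    if attributes is None:                       # unknown: submit the file
        attributes = submit_file(data)
        source = "virustotal-upload"
    result = parse_analysis(attributes)          # step 4
    cache[file_hash] = result                    # populate cache for next time
    return {"sha256": file_hash, "source": source, **result}  # step 5


if __name__ == "__main__":
    cache: Dict[str, Dict] = {}
    # Fake VirusTotal: hash never known, upload returns the constructed report.
    first = enrich_file(b"sample file bytes", cache, lambda h: None,
                        lambda d: SAMPLE_VT_ATTRIBUTES)
    second = enrich_file(b"sample file bytes", cache, lambda h: None,
                         lambda d: SAMPLE_VT_ATTRIBUTES)
    print(first["source"], first["verdict"], first["threat_names"])
    print(second["source"])  # served from cache, VirusTotal not queried again
```

A real integration would pass the VirusTotal client's hash lookup and upload calls in place of the lambdas; keeping them injectable is what makes the cache logic testable without an API key.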
Vendors
Utils, VirusTotal, Torq