Skip to main content
All CollectionsTemplatesBasic
Submit a File for Analysis to VirusTotal with Cache - Workflow Template
Submit a File for Analysis to VirusTotal with Cache - Workflow Template

Submit a file to VirusTotal for analysis and provide a simple cache for the analysis results. Use URLs or Torq file links to the file.

Updated over a week ago

This workflow template streamlines the submission of a file for analysis to VirusTotal and caches the results, enhancing threat intelligence capabilities. The process involves checking if file hash data is already stored in the cache to avoid unnecessary submissions. If the data isn't cached, the workflow submits the file to VirusTotal and waits for a thorough analysis, categorizing the file as malicious, suspicious, or benign based on configurable criteria and stores this information for subsequent reuse.

Use Cases

Threat Intelligence Enrichment

Workflow Breakdown

  1. Provide the link to the file and integration information to the nested workflow

  2. Check if the hash of the file has been enriched and found in the cache, if found return the results

  3. Query VirusTotal for the hash of the file, if not found submit the file for analysis

  4. Parse the analysis information for malicious, suspicious and threat categories and names

  5. Return the analysis information to the parent workflow

Vendors

Utils, VirusTotal, Torq

Did this answer your question?