This workflow template streamlines the submission of a file for analysis to VirusTotal and caches the results, enhancing threat intelligence capabilities. The process first checks whether data for the file's hash is already stored in the cache, to avoid unnecessary submissions. If the data isn't cached, the workflow submits the file to VirusTotal, waits for a thorough analysis, categorizes the file as malicious, suspicious, or benign based on configurable criteria, and stores this information for subsequent reuse.
Use Cases
Threat Intelligence Enrichment
Workflow Breakdown
Provide the link to the file and integration information to the nested workflow
Check whether the hash of the file has already been enriched and is in the cache; if it is, return the cached results
Query VirusTotal for the hash of the file; if it is not found, submit the file for analysis
Parse the analysis information for malicious and suspicious detections and for threat categories and names
Return the analysis information to the parent workflow
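The steps above as a Python sketch. This is an added example, not the template's own implementation. The lookup and submit callables, the thresholds and the sample report are assumptions standing in for the VirusTotal integration; the report layout follows the VirusTotal v3 file object (last_analysis_stats, popular_threat_classification).

```python
import hashlib

# Assumed thresholds: the page only says the criteria are configurable.
MALICIOUS_MIN = 3    # engines flagging "malicious" needed for a malicious verdict
SUSPICIOUS_MIN = 1   # engines flagging "suspicious" needed for a suspicious verdict

# Constructed sample shaped like a VirusTotal v3 file report (not real data).
SAMPLE_REPORT = {"data": {"attributes": {
    "last_analysis_stats": {"malicious": 5, "suspicious": 1,
                            "undetected": 60, "harmless": 0},
    "popular_threat_classification": {
        "popular_threat_category": [{"value": "trojan", "count": 4}],
        "popular_threat_name": [{"value": "examplefam", "count": 3}]}}}}

def classify(stats, malicious_min=MALICIOUS_MIN, suspicious_min=SUSPICIOUS_MIN):
    """Map engine counts to malicious / suspicious / benign."""
    malicious = stats.get("malicious", 0)
    if malicious >= malicious_min:
        return "malicious"
    if malicious > 0 or stats.get("suspicious", 0) >= suspicious_min:
        return "suspicious"
    return "benign"

def parse_report(report):
    """Extract the verdict, counts, threat categories and threat names."""
    attrs = report["data"]["attributes"]
    stats = attrs.get("last_analysis_stats", {})
    threat = attrs.get("popular_threat_classification", {})  # may be absent
    return {
        "verdict": classify(stats),
        "malicious": stats.get("malicious", 0),
        "suspicious": stats.get("suspicious", 0),
        "categories": [c["value"] for c in threat.get("popular_threat_category", [])],
        "names": [n["value"] for n in threat.get("popular_threat_name", [])],
    }

def enrich(file_bytes, cache, lookup, submit):
    """Cache first, then hash lookup, then submission; returns (result, source).

    lookup(sha256) returns a report or None when the hash is unknown;
    submit(file_bytes) uploads the file and returns the finished report.
    Both are hypothetical callables supplied by the caller.
    """
    sha256 = hashlib.sha256(file_bytes).hexdigest()
    if sha256 in cache:
        return cache[sha256], "cache"
    report, source = lookup(sha256), "lookup"
    if report is None:
        report, source = submit(file_bytes), "submit"
    cache[sha256] = parse_report(report)
    return cache[sha256], source
```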
Vendors
Utils, VirusTotal, Torq