Skip to main content
All CollectionsTemplatesBasic
VirusTotal Combined Observable Enrichment - Workflow Template
VirusTotal Combined Observable Enrichment - Workflow Template

Extract multiple observables from raw text and performs enrichment for each observable in VirusTotal and returns analysis information.

Updated over 6 months ago

This workflow template, VirusTotal Combined Observable Enrichment, is designed for threat intelligence teams to analyze and extract valuable information such as file hashes, IP addresses, domains, and URLs from raw text. It employs VirusTotal for detailed enrichment, returning comprehensive analysis results on the observables. The workflow is composed of nested workflows for specific observables, which utilize caching for efficient querying. The use of this workflow enables teams to swiftly identify potential threats in data and take informed actions to mitigate risks.

Take Me to the Template

Use Cases

Threat Intelligence Enrichment

Workflow Breakdown

  1. Receive raw text from a parent workflow and extract observables

  2. Check if extracted observables contain file hashes, ip addresses, domains or URLs.

  3. For each extracted observable, query VirusTotal for enrichment.

Vendors

Scripting, Utils, VirusTotal, Torq

Workflow Output

A list of analysis results. Each item can contain the original analysis data and a summary.

Tips

Set \"Provide Raw Data Analysis\" to true or false to add or remove original vendor information to the output

Related Articles
VirusTotal URL Enrichment with Cache - Workflow Template
Recorded Future - IoC Enrichment - Workflow Template
AlienVault Combined Observable Enrichment - Workflow Template
VirusTotal File Hash Enrichment with Cache - Workflow Template
VirusTotal IPv4 Address Enrichment with Cache - Workflow Template
Did this answer your question?