VirusTotal Combined Observable Enrichment - Workflow Template

Extracts multiple observables from raw text, enriches each observable in VirusTotal, and returns the analysis information.

Updated over 6 months ago

This workflow template, VirusTotal Combined Observable Enrichment, is designed for threat intelligence teams to analyze and extract valuable information such as file hashes, IP addresses, domains, and URLs from raw text. It employs VirusTotal for detailed enrichment, returning comprehensive analysis results on the observables. The workflow is composed of nested workflows for specific observables, which utilize caching for efficient querying. The use of this workflow enables teams to swiftly identify potential threats in data and take informed actions to mitigate risks.

Use Cases

Threat Intelligence Enrichment

Workflow Breakdown

  1. Receive raw text from a parent workflow and extract observables.

  2. Check whether the extracted observables contain file hashes, IP addresses, domains, or URLs.

  3. For each extracted observable, query VirusTotal for enrichment.

Vendors

Scripting, Utils, VirusTotal, Torq

Workflow Output

A list of analysis results. Each item can contain the original analysis data and a summary.

Tips

Set "Provide Raw Data Analysis" to true or false to include or omit the original vendor information in the output.
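The following is an added example, not code from the Torq template or from VirusTotal, that works through the three-step breakdown above and the "Provide Raw Data Analysis" tip in plain Python: extract observables from raw text, classify them as hash, IP address, domain, or URL, look each one up once through a cache, and emit either a summary alone or the summary plus the raw vendor response. The extraction patterns, the `CachedEnricher` class and the `fake_vt_fetch` stand-in are assumptions for illustration; the endpoint paths are the VirusTotal API v3 object paths, and the HTTP call is injected so the example runs offline.

```python
"""Added example (not Torq's or VirusTotal's own code): extract observables from
raw text, classify them, and enrich each one through a cached VirusTotal v3
lookup. The HTTP call is injected so the example runs offline with a fake."""
import base64
import re
from typing import Any, Callable, Dict, List

# Assumed extraction patterns; the template's own extractor is not on the page.
HASH_RE = re.compile(r"\b(?:[A-Fa-f0-9]{64}|[A-Fa-f0-9]{40}|[A-Fa-f0-9]{32})\b")  # SHA-256 / SHA-1 / MD5
IPV4_RE = re.compile(r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b")
URL_RE = re.compile(r"\bhttps?://[^\s\"'<>]+", re.IGNORECASE)
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}\b", re.IGNORECASE)


def extract_observables(text: str) -> Dict[str, List[str]]:
    """Step 1 and 2: return de-duplicated observables keyed by type (hash, ip, domain, url)."""
    urls = [u.rstrip(".,;)") for u in URL_RE.findall(text)]
    # Blank out URLs first so their hostnames are not also reported as bare domains.
    remainder = URL_RE.sub(" ", text)
    found = {
        "hash": HASH_RE.findall(remainder),
        "ip": IPV4_RE.findall(remainder),
        "domain": DOMAIN_RE.findall(remainder),
        "url": urls,
    }
    # dict.fromkeys keeps first-seen order while dropping repeats.
    return {kind: list(dict.fromkeys(values)) for kind, values in found.items()}


def vt_endpoint(kind: str, value: str) -> str:
    """Map an observable to its VirusTotal API v3 object path."""
    if kind == "hash":
        return f"/api/v3/files/{value}"
    if kind == "ip":
        return f"/api/v3/ip_addresses/{value}"
    if kind == "domain":
        return f"/api/v3/domains/{value}"
    if kind == "url":
        # VirusTotal identifies a URL by its unpadded URL-safe base64 encoding.
        url_id = base64.urlsafe_b64encode(value.encode()).decode().rstrip("=")
        return f"/api/v3/urls/{url_id}"
    raise ValueError(f"unknown observable type: {kind}")


def summarize(stats: Dict[str, Any]) -> Dict[str, Any]:
    """Condense last_analysis_stats into the short summary each output item carries."""
    malicious = int(stats.get("malicious", 0))
    suspicious = int(stats.get("suspicious", 0))
    verdict = "malicious" if malicious else ("suspicious" if suspicious else "clean")
    return {"malicious": malicious, "suspicious": suspicious,
            "engines": sum(int(v) for v in stats.values()), "verdict": verdict}


Fetcher = Callable[[str], Dict[str, Any]]


class CachedEnricher:
    """Step 3: query each endpoint at most once per run; repeats are served from the cache."""

    def __init__(self, fetch: Fetcher, provide_raw_data_analysis: bool = False) -> None:
        self.fetch = fetch            # real deployments: GET https://www.virustotal.com + path with an x-apikey header
        self.provide_raw = provide_raw_data_analysis
        self.cache: Dict[str, Dict[str, Any]] = {}
        self.api_calls = 0

    def lookup(self, kind: str, value: str) -> Dict[str, Any]:
        path = vt_endpoint(kind, value)
        if path not in self.cache:
            self.api_calls += 1
            self.cache[path] = self.fetch(path)
        return self.cache[path]

    def enrich_text(self, text: str) -> List[Dict[str, Any]]:
        results = []
        for kind, values in extract_observables(text).items():
            for value in values:
                raw = self.lookup(kind, value)
                stats = raw.get("data", {}).get("attributes", {}).get("last_analysis_stats", {})
                item: Dict[str, Any] = {"observable": value, "type": kind, "summary": summarize(stats)}
                if self.provide_raw:   # the "Provide Raw Data Analysis" toggle
                    item["raw"] = raw
                results.append(item)
        return results


# Constructed stand-in for the VirusTotal client (no network): the sample IP is
# flagged by a few engines, everything else comes back undetected.
def fake_vt_fetch(path: str) -> Dict[str, Any]:
    stats = {"malicious": 0, "suspicious": 0, "harmless": 60, "undetected": 10}
    if path.startswith("/api/v3/ip_addresses/"):
        stats = {"malicious": 5, "suspicious": 1, "harmless": 50, "undetected": 14}
    return {"data": {"id": path.rsplit("/", 1)[1], "attributes": {"last_analysis_stats": stats}}}


# Constructed raw text using reserved documentation values (TEST-NET-2, .example, SHA-256 of the empty file).
SAMPLE_TEXT = """Alert: host contacted 198.51.100.23 and downloaded a file with sha256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
from http://malicious.example/payload.bin; sender domain phishing.example
"""


def run_sample(provide_raw: bool = False):
    """Enrich the sample twice to show the cache: four observables, four API calls total."""
    enricher = CachedEnricher(fake_vt_fetch, provide_raw)
    enricher.enrich_text(SAMPLE_TEXT)
    results = enricher.enrich_text(SAMPLE_TEXT)
    return results, enricher.api_calls


if __name__ == "__main__":
    for item in run_sample()[0]:
        print(item["type"], item["observable"], item["summary"]["verdict"])
```

Leaving `provide_raw_data_analysis` off keeps the output small (one summary per observable); turning it on attaches the full vendor object, which is what a downstream case or ticket step would need when an analyst wants the per-engine detail rather than the verdict counts.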
