This workflow template, VirusTotal Combined Observable Enrichment, lets threat intelligence teams extract observables (file hashes, IP addresses, domains and URLs) from raw text and enrich each one through VirusTotal, returning the full analysis results for the observables found. The workflow is composed of nested workflows, one per observable type, which cache VirusTotal results so that repeated observables are not queried again. Teams can use it to quickly identify potential threats in incoming data and take informed action to mitigate them.
Use Cases
Threat Intelligence Enrichment
Workflow Breakdown
Receive raw text from a parent workflow and extract the observables it contains
Classify each extracted observable as a file hash, IP address, domain or URL
For each observable, query VirusTotal (through the cached nested workflow for that type) and collect the enrichment result
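The three steps above, as an added illustration in Python. This is not the Torq template's own code: the regexes, the defang handling, the `FILE_EXTENSIONS` filter and the `fake_fetch` stand-in for the HTTP call are assumptions made here so the example runs offline; the sample alert text is constructed. The `vt_url` mapping follows the public VirusTotal API v3 object endpoints (files, ip_addresses, domains, urls with a base64url identifier), and the summary reads `last_analysis_stats` from a v3 object response.

```python
"""Extract observables from raw text, then enrich each one once through a cache.

Added example for the workflow breakdown above, not the Torq template itself.
"""
import base64
import re
from typing import Callable, Dict, List, Tuple

Observable = Tuple[str, str]          # (kind, value), e.g. ("ip", "203.0.113.45")
Fetcher = Callable[[str, str], dict]  # (kind, value) -> vendor response

VT_BASE = "https://www.virustotal.com/api/v3"

# Regexes for the four observable types the workflow handles (assumed patterns).
HASH_RE = re.compile(r"\b(?:[A-Fa-f0-9]{64}|[A-Fa-f0-9]{40}|[A-Fa-f0-9]{32})\b")
IPV4_RE = re.compile(r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b")
URL_RE = re.compile(r"\bhttps?://[^\s\"'<>]+", re.IGNORECASE)
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,24}\b", re.IGNORECASE)
# Bare filenames such as "report.pdf" look like domains to DOMAIN_RE; skip the common ones.
FILE_EXTENSIONS = {"exe", "dll", "pdf", "doc", "docx", "xls", "xlsx", "txt", "zip", "ps1", "js", "vbs"}


def refang(text: str) -> str:
    """Undo the usual threat-intel defanging (hxxp, [.]) so the regexes see real indicators."""
    text = re.sub(r"hxxp", "http", text, flags=re.IGNORECASE)
    return text.replace("[.]", ".").replace("(.)", ".").replace("[:]", ":")


def extract_observables(raw_text: str) -> List[Observable]:
    """Steps 1 and 2: pull typed, de-duplicated hashes, IPs, domains and URLs out of raw text."""
    text = refang(raw_text)
    found: List[Observable] = []

    # URLs first, then blank them out so their host and path are not re-matched as domain/filename.
    for m in URL_RE.finditer(text):
        found.append(("url", m.group(0).rstrip(".,;)")))
    text = URL_RE.sub(" ", text)

    found += [("hash", m.group(0).lower()) for m in HASH_RE.finditer(text)]
    found += [("ip", m.group(0)) for m in IPV4_RE.finditer(text)]
    for m in DOMAIN_RE.finditer(text):
        dom = m.group(0).lower()
        if dom.rsplit(".", 1)[-1] not in FILE_EXTENSIONS:
            found.append(("domain", dom))

    return list(dict.fromkeys(found))  # order-preserving de-duplication


def vt_url(kind: str, value: str) -> str:
    """Map an observable to its VirusTotal API v3 object URL."""
    if kind == "hash":
        return f"{VT_BASE}/files/{value}"
    if kind == "ip":
        return f"{VT_BASE}/ip_addresses/{value}"
    if kind == "domain":
        return f"{VT_BASE}/domains/{value}"
    if kind == "url":
        # VT identifies a URL object by the unpadded base64url encoding of the URL.
        url_id = base64.urlsafe_b64encode(value.encode()).decode().rstrip("=")
        return f"{VT_BASE}/urls/{url_id}"
    raise ValueError(f"unsupported observable type: {kind}")


def summarize(kind: str, value: str, response: dict) -> dict:
    """Reduce a VT v3 object response to the counts an analyst triages on."""
    stats = response.get("data", {}).get("attributes", {}).get("last_analysis_stats", {})
    malicious, suspicious = stats.get("malicious", 0), stats.get("suspicious", 0)
    return {"observable": value, "type": kind, "malicious": malicious, "suspicious": suspicious,
            "engines": sum(stats.values()),
            "verdict": "flagged" if malicious + suspicious else "clean-or-unknown"}


def enrich(observables: List[Observable], fetch: Fetcher, cache: Dict[Observable, dict],
           provide_raw_data: bool = False) -> List[dict]:
    """Step 3: look each observable up once, reusing cached vendor responses across runs."""
    results = []
    for kind, value in observables:
        key = (kind, value)
        if key not in cache:
            cache[key] = fetch(kind, value)
        item = summarize(kind, value, cache[key])
        if provide_raw_data:           # mirrors the "Provide Raw Data Analysis" switch
            item["raw"] = cache[key]
        results.append(item)
    return results


# Constructed stand-in for the HTTP call; real code would GET vt_url(kind, value) with an x-apikey header.
CALLS: List[str] = []
EICAR_MD5 = "44d88612fea8a8f36de82e1278abb02f"


def fake_fetch(kind: str, value: str) -> dict:
    CALLS.append(vt_url(kind, value))
    bad = "evil-cdn" in value or value == EICAR_MD5 or value == "203.0.113.45"
    stats = {"malicious": 42 if bad else 0, "suspicious": 1 if bad else 0, "harmless": 20, "undetected": 10}
    return {"data": {"id": value, "attributes": {"last_analysis_stats": stats}}}


# Constructed sample alert text (reserved TEST-NET address and .example TLD).
SAMPLE = """Alert: dropper 44d88612fea8a8f36de82e1278abb02f contacted evil-cdn[.]example and
hxxp://evil-cdn[.]example/payload.exe from 203.0.113.45. Also saw 203.0.113.45 again, and
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 in report.pdf."""

if __name__ == "__main__":
    cache: Dict[Observable, dict] = {}
    for item in enrich(extract_observables(SAMPLE), fake_fetch, cache, provide_raw_data=False):
        print(item)
    print(f"{len(CALLS)} VirusTotal lookups for {len(cache)} cached observables")
```

Running the script against the constructed sample yields five distinct observables (two hashes, one IP, one domain, one URL) and exactly five lookups; a second `enrich` call with the same `cache` performs none, which is the saving the nested workflows' caching provides when the same indicator appears across many alerts.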
Vendors
Scripting, Utils, VirusTotal, Torq
Workflow Output
A list of analysis results, one per observable. Each item contains a summary and, when "Provide Raw Data Analysis" is enabled, the original VirusTotal response.
Tips
Set "Provide Raw Data Analysis" to true or false to include or omit the original vendor response in the output.