VT Alerts

VT Alerts allows you to receive notifications about additions and changes in the VirusTotal dataset.

We currently support the following types of alerts:

Domain alerts


Based on your domain, we’ll monitor events that involve your domain, or any of the URLs under it.

These include:

  • Domain has positives
  • URL under the domain has positives
  • Domain was found in the raw binary body of a file with positives
  • A file with positives is communicating with this domain, or with a URL under it
  • A file with positives was downloaded from a URL in this domain
  • Domain was found as a subdomain of another domain or URL with positives (subdomain abuse)
  • Another domain is potentially typosquatting this domain

VT Alerts create form for Domains

IP-based alerts


Based on your IP address or range, we’ll monitor events that involve those.

These include:

  • IP in the range provided has positives
  • URL/Domain resolving to an IP in the range has positives
  • IP in the range was found in the raw binary body of a file with positives
  • A file with positives is communicating with an IP in the range
  • A file with positives was downloaded from an IP in the range

VT Alerts create form for IPs

Brand-based alerts


Based on the domain for your brand and, optionally, custom HTML or strings, we’ll monitor events involving those.

These include:

  • Favicons similar to your domain’s are used in URLs with positives
  • Strings/HTML snippets you provided are found in URLs with positives

All the notifications have the following properties:

  • Date and time of match
  • Severity
  • Type of entity the notification is about (IPs, Domains, URLs, and Files)
  • Detection category of the event
  • Use-Case category of the event

VT Alerts create form for Brand

Detection Categories


Available detection categories are:

  • Brand Matching
  • Detected Domain
  • Detected IP
  • Detected URL
  • Domain Typosquatting
  • Favicon Reuse
  • File communicating with Domain
  • File communicating with IP
  • File communicating with URL
  • File downloaded from Domain
  • File downloaded from IP
  • File downloaded from URL
  • Pattern found in raw binary body of file
  • Subdomain Abuse

Use-Case Categories and Detection Categories


These are the available use-case categories, with the matching detection categories:

  • Corporate Infrastructure Abuse, which includes the following detection categories:
      • Detected domains
      • Detected IPs
      • Detected URLs
      • Detected (domain/URL) in IP range
      • Downloaded files
      • Communicating files

  • Phishing & Counterfeiting, which includes the following detection categories:
      • Domain Typosquatting
      • Icon Reuse
      • Subdomain Abuse

  • Brand Impersonation, which includes the following detection categories:
      • Icon Reuse
      • String/HTML matches

  • Potential False Positives, which includes the following detection categories:
      • Detected domains, IPs, URLs with just 1 positive