Technology Integrations

Automatic threat detection and response in 3rd-party security technologies

VirusTotal is the richest and most actionable crowdsourced threat intelligence suite. More than 3.6M users a month and tens of thousands of organizations worldwide rely on its threat reputation and context to be safer. Its popularity is such that most 3rd-party security technologies have built off-the-shelf turnkey integrations with our API, powering use cases such as automatic alert triage, event enrichment, false positive discarding, 2nd opinion detection and other threat detection and response flows. Some (not all) of these ubiquitous integrations are listed below. If you would like to ask about some other product or add an entry to this listing, please do not hesitate to contact us.

SOAR Platforms

Palo Alto Cortex XSOAR (Demisto)

🚀 See content packs

📖 Integrating Cortex XSOAR and VirusTotal for maximum incident response and investigation

📺 Cortex XSOAR VirusTotal Livehunt threat feeds

ℹ️ Build a champion SOC with VirusTotal and Palo Alto Cortex XSOAR

Splunk SOAR (Phantom)

🚀 Download the integration in Splunkbase

📖 Learn about the integration in the official Splunk documentation site

📺 Create playbooks using VirusTotal enrichment

ℹ️ Import a playbook example to enrich your indicators

Chronicle SOAR (Siemplify)

🚀 Add VirusTotal from your Chronicle SOAR Integration Marketplace

📖 Learn about the integration in the official Chronicle SOAR documentation site

📺 Create playbooks using VirusTotal enrichment

Swimlane

🚀 Download the VirusTotal plugin from Swimlane's Apphub

📖 Understand the plugin from the official documentation

📺 Watch how VirusTotal leverages your Swimlane experience!

ServiceNow

🚀 Download the VirusTotal integration from the ServiceNow store

📖 Set up the VirusTotal integration and start enriching with Threat Intelligence

📺 In this recording you can find the steps to set VirusTotal up in ServiceNow

IBM QRadar SOAR (Resilient)

🚀 Download from IBM's App Exchange

📖 Improve your playbooks following the official documentation

Exabeam

🚀 Improve your Incident Response with the VirusTotal integration

Logpoint SOAR

🚀 Configure the VirusTotal integration in your Logpoint instance

📖 Check some playbook examples using VT such as email investigation or phishing response

Securonix SOAR

🚀 Automate secops connecting the VirusTotal integration

Rapid7 InsightConnect

🚀 Install the VirusTotal and VirusTotal YARA extensions to improve and automate your detection

📖 Empower your playbooks using VirusTotal intelligence

TheHive

🚀 Cortex analyzer allowing you to enrich and scan any kind of IoC


SIEM/XDR/TDR/Security Analytics Platforms

Chronicle

🚀 Contact us to empower Chronicle with VirusTotal Intelligence

📖 Learn about the advantages of combining Chronicle and VirusTotal

VT4Splunk, the official VirusTotal Splunk Integration

🚀 Start unearthing threats, vulnerabilities and Threat Actors from your Splunk events

📖 Learn about the insights VT4Splunk is going to bring to your Splunk

📺 Watch how to set it up and how it looks

Microsoft Sentinel

🚀 Activate the VirusTotal connector from the Sentinel marketplace

📖 Check what the VirusTotal connector is capable of

📺 Create playbooks using VirusTotal reports

ℹ️ Automate your Sentinel incident triage

Palo Alto Cortex XDR

🚀 Configure the VirusTotal Threat Intel integration following the official guide

📖 Investigate Incident key assets and artifacts

Cisco SecureX

🚀 Follow these steps to integrate VT with SecureX

📺 Start enriching your indicators with VirusTotal

IBM QRadar

🚀 Get the latest VT Integration for QRadar from IBM's App Exchange

📖 Enrich your IOCs in QRadar following the official documentation

Securonix Snypr

🚀 Contact us to get an API key to configure automatic response with VirusTotal

📖 Run enhanced playbooks

Logpoint

🚀 Configure the VirusTotal integration in your Logpoint instance

📖 Enhance your threat hunting with VirusTotal + Logpoint

Wazuh

🚀 Follow these steps to configure the VT integration

📖 Learn how the VirusTotal integration can be used for scanning files

ℹ️ Detect and remove malware


EDRs / EPPs / Nextgens / AVs / Endpoint Agents

CrowdStrike

🚀 Get the official VirusTotal integration!

📖 Understand how VirusTotal enhances your experience in CrowdStrike

📺 Watch how to augment your Incident Response

ℹ️ Use VirusTotal to automate your SOC workflow

McAfee / Trellix

🚀 Create and import a malicious file hash feed

🚀 Enhance your Threat Intelligence Exchange server with VirusTotal enrichment

Symantec

🚀 When investigating a file, send it to VirusTotal to gather context

📺 Watch how to use VirusTotal as a second opinion

Tanium

🚀 Overlay IoC reputation for processes and other artifacts recorded by Tanium

📺 Watch how to identify risk in your Enterprise by checking Tanium data against VirusTotal


TIP Platforms

MISP

🚀 Get the VirusTotal import module

📖 Check how to export and import VT Collections to MISP to empower your investigation!

Anomali Threatstream

🚀 Find the VirusTotal threat analysis tool in Anomali's marketplace

📖 Learn how to set the VT integration up and what capabilities it offers


Email gateways / Mailbox defense / Phishing email analysis

KnowBe4 Phisher

🚀 Enhance your phishing protection with VirusTotal

Proofpoint

🚀 Follow the guide to automate your Incident Response with VirusTotal


SASE / Secure DNS

Cloudflare One

🚀 Use threat intelligence from VirusTotal to create rules within Cloudflare products

Zscaler

🚀 Follow these simple steps and enrich your logs


Network perimeter

Broadcom Content Analysis

📖 Supercharge malware analysis by activating the VirusTotal service


Forensics

EnCase

🚀 Generate hash values for all tagged files and send the hash value to VirusTotal for scoring


Productivity Suites

Google Workspace Alert Center

🚀 View VirusTotal reports from the alert center

📖 Check how VirusTotal enriches your alerts

ℹ️ Gmail events are also enriched with VirusTotal!


❗️

Is your platform missing?

This list is not exhaustive. Contact us to see if we support it, or check VT4Browsers, our pragmatic browser extension that will enrich every indicator displayed in any platform!