https://community.splunk.com/t5/Knowledge-Management/VirusTotal-API-scan-in-workflow-http-request/m-p/448022#M3983 <P>"elpred0 · 7 hours ago More...<BR /> Hello,</P> <P>Configure the workflow action in post mode, URI: <A href="https://www.virustotal.com/vtapi/v2/url/scan">https://www.virustotal.com/vtapi/v2/url/scan</A></P> <P>Post Arguments:<BR /> apikey = your_apikey<BR /> url = $field$</P> <P>It will open a json response with a perma link to your analysis."</P> Thu, 13 Sep 2018 18:46:35 GMT vwolf80 2018-09-13T18:46:35Z https://community.splunk.com/t5/Knowledge-Management/VirusTotal-API-scan-in-workflow-http-request/m-p/448019#M3980 <P>Hello All,</P> <P>I am working on a solution that requires a "workflow action" to give a drop down when searching against a "url" field when a search has been initiated for a User's URL/web history.</P> <P>We are filtering results from a security appliance for web traffic / firewall filtering.</P> <P>We use VirusTotal for the bulk of our URL scans for remediation. I would like to click on the "Event Action (Verbose Mode)" and click on the custom VirusTotal workflow that I created. We have a functioning WHOIS workflow function and it is working beautifully. But VirusTotal has certain restrictions on how data is fed to them via their website.</P> <P>I would love to have this function like the "WHOIS" search and pop the results via the VirusTotal website.</P> <P>I have researched all that I can so far, I do have a public API for searching if needed.</P> <P>Does anyone have any information on what to do next? I have listed below some examples for what VirusTotal provides.</P> <P><A href="https://www.virustotal.com/vtapi/v2/file/scan/upload_url?apikey=">https://www.virustotal.com/vtapi/v2/file/scan/upload_url?apikey=</A></P> <P><A href="https://www.virustotal.com/vtapi/v2/url/scan">https://www.virustotal.com/vtapi/v2/url/scan</A></P> <UL> <LI>Thanks Everyone!</LI> </UL> Mon, 10 Sep 2018 20:44:54 GMT https://community.splunk.com/t5/Knowledge-Management/VirusTotal-API-scan-in-workflow-http-request/m-p/448019#M3980 vwolf80 2018-09-10T20:44:54Z https://community.splunk.com/t5/Knowledge-Management/VirusTotal-API-scan-in-workflow-http-request/m-p/448020#M3981 <P>Hello,</P> <P>Configure the workflow action in post mode, URI: <A href="https://www.virustotal.com/vtapi/v2/url/scan">https://www.virustotal.com/vtapi/v2/url/scan</A></P> <P>Post Arguments:<BR /> apikey = your_apikey<BR /> url = $field$</P> <P>It will open a json response with a perma link to your analysis.</P> Thu, 13 Sep 2018 11:44:28 GMT https://community.splunk.com/t5/Knowledge-Management/VirusTotal-API-scan-in-workflow-http-request/m-p/448020#M3981 osakachan 2018-09-13T11:44:28Z https://community.splunk.com/t5/Knowledge-Management/VirusTotal-API-scan-in-workflow-http-request/m-p/448021#M3982 <P>This worked GREAT!!! Thanks for your help, however I would love to take the HTTPS response from Virustotal and run it in a separate browser window if possible. </P> Thu, 13 Sep 2018 18:00:29 GMT https://community.splunk.com/t5/Knowledge-Management/VirusTotal-API-scan-in-workflow-http-request/m-p/448021#M3982 vwolf80 2018-09-13T18:00:29Z https://community.splunk.com/t5/Knowledge-Management/VirusTotal-API-scan-in-workflow-http-request/m-p/448022#M3983 <P>"elpred0 · 7 hours ago More...<BR /> Hello,</P> <P>Configure the workflow action in post mode, URI: <A href="https://www.virustotal.com/vtapi/v2/url/scan">https://www.virustotal.com/vtapi/v2/url/scan</A></P> <P>Post Arguments:<BR /> apikey = your_apikey<BR /> url = $field$</P> <P>It will open a json response with a perma link to your analysis."</P> Thu, 13 Sep 2018 18:46:35 GMT https://community.splunk.com/t5/Knowledge-Management/VirusTotal-API-scan-in-workflow-http-request/m-p/448022#M3983 vwolf80 2018-09-13T18:46:35Z https://community.splunk.com/t5/Knowledge-Management/VirusTotal-API-scan-in-workflow-http-request/m-p/448023#M3984 <P>Your welcome. Upvote/answer will be appreciated.</P> <P>Yep, that will be better but I think it would be far away from workflow action capacity.</P> <P>Maybe this app can help, but I did not test it.<BR /> <A href="https://splunkbase.splunk.com/app/3446/#/details">https://splunkbase.splunk.com/app/3446/#/details</A></P> Fri, 14 Sep 2018 10:37:08 GMT https://community.splunk.com/t5/Knowledge-Management/VirusTotal-API-scan-in-workflow-http-request/m-p/448023#M3984 osakachan 2018-09-14T10:37:08Z