
Investigate Security and Threat Detection with VirusTotal and Splunk Integration

abokov
Splunk Employee

As security threats and their complexity surge, security analysts face growing challenges, and best-in-class security tools are essential for every enterprise. Splunk’s latest integration with VirusTotal not only allows customers to access insights from VirusTotal datasets in a one-click experience, but also allows informed decisions to be made quickly and accurately.

VirusTotal is one of the most popular crowdsourced malware datasets, updated in close to real time. The company was launched in June 2004 and acquired by Google in September 2014. Data sources in VirusTotal include crowdsourced YARA rules, sandboxed dynamic analysis, Sigma rules acting on detonation behavior, IDS detections on network traffic, and many security vendors. VirusTotal’s latest addition to Splunkbase, VT4Splunk, provides insights and enrichments on IOCs from a single pane of glass. With VT4Splunk, customers can discover CVEs affecting events and run Splunk searches on top of IOCs from these cases. This Google-supported add-on provides native integration with the VirusTotal API from a Splunk interface, making security researchers' investigations more effective.


With over 2,800 unique apps and add-ons in Splunkbase, native integrations enable Splunk partners to reach a large set of enterprise customers worldwide and foster innovation, enhance security practices, and cultivate resilience.

To install the free VT4Splunk add-on, log in to Splunkbase and view the step-by-step installation guide.

— Alexey Bokov, Cloud Strategist at Splunk

 
