We just upgraded to the VirusTotal Checker 1.3 version and now we get a "Socket Timeout. Please Check Your Internet Connection" error in the vtc_message field.
In the vt_link field states "Not connected..."
We're using a search head cluster and indexer cluster. We pushed the app out via our master/deployer box.
Any thoughts?
More than likely due to VirusTotal's CAPTCHA. I was getting this error as well, then did a manual MD5 hash search on VirusTotal.com, proved I was not a robot with CAPTCHA, reran the VT Splunk search and got past the Socket Timeout error.
If VirusTotal Checker could implement API access to VirusTotal, that would be great..MmmK..Thanks!
😉
Did anybody get this to work? I'm running into the same issue and hoping someone found a way to include the virustotal api key's.
More than likely due to VirusTotal's CAPTCHA. I was getting this error as well, then did a manual MD5 hash search on VirusTotal.com, proved I was not a robot with CAPTCHA, reran the VT Splunk search and got past the Socket Timeout error.
If VirusTotal Checker could implement API access to VirusTotal, that would be great..MmmK..Thanks!
😉
Did some research and found out that automating VirusTotal lookups is restricted to 4 lookups per minute. Both via VirusTotal Checker's method of appending hashes o a virustotal.com search URL, and via the VT Public API 2.0 access.
https://www.virustotal.com/en/documentation/public-api/#getting-ip-reports
Explains why in the screenshots he limited the search to 10 events "head 10". Which by the way, successfully works and retrieves VT results only after I go to VirusTotal.com and do the CAPTCHA.
@dpreston31 wrote:Did some research and found out that automating VirusTotal lookups is restricted to 4 lookups per minute. Both via VirusTotal Checker's method of appending hashes o a virustotal.com search URL, and via the VT Public API 2.0 access.
https://www.virustotal.com/en/documentation/public-api/#getting-ip-reports
Explains why in the screenshots he limited the search to 10 events "head 10". Which by the way, successfully works and retrieves VT results only after I go to VirusTotal.com and do the CAPTCHA.
i also wanna know why in the screenshots he limited the search to 10 events "head 10"
I'm assuming this is tied to the API key piece that needs implemented still in the app? I may just make it work myself =\