Splunk Enterprise Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to merge Virus total application information with Splunk search query?

prajapatividhy1
New Member
‎09-05-2019 08:46 AM

Hi, I am trying to get the some information from virus total in splunk enterprise through Virus total API Key. I don't know how to do it ? Can anyone please help me with it ?

0 Karma
Reply

prajapatividhy1
New Member
‎09-06-2019 06:21 AM

HI thank you for consideration.
I already have that APP. in my Splunk platform. I still couldn't get how to use this APP. for my search in splunk to extract the data.
I wants to extract the registrar field, Creation and Last update fields into my Splunk query.
Can you elaborate it with some commands which i should use or Can you show me the sample search with virus total into Splunk?

Thank you in Advance.

0 Karma
Reply

jawaharas
Motivator
‎09-09-2019 06:58 PM

@prajapatividhyut2

I have updated my answer with sample code which is working.

As mentioned in the app's documentation , the custom command | virustotal (bundled with this app) uses the https://www.virustotal.com/vtapi/v2/file/report endpoint to communicate with the VirusTotal API.

In which API endpoint you can see below fields?

  • Registrar field
  • Creation and Last fields
  • Update field
0 Karma
Reply

jawaharas
Motivator
‎09-15-2019 08:37 AM

@prajapatividhyut2

If my answer helped you, please accept and/or upvote it!

0 Karma
Reply

jawaharas
Motivator
‎09-06-2019 12:13 AM

You can try below App.

VirusTotal Malware Lookup for Splunk

This app is used to supplement your data with information from VirusTotal.
The custom command | virustotal (bundled with this app) uses the https://www.virustotal.com/vtapi/v2/file/report endpoint to communicate with the VirusTotal API.

Example code:

| makeresults
| eval file_md5_hash="99017f6eebbac24f351415dd410d522d"
| virustotal hash=file_md5_hash
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability Cloud's AI Assistant in Action Series: Auditing Compliance and ...

This is the third post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

What You Read The Most: Splunk Lantern’s Most Popular Articles!

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...
Top