Hi, I am trying to get some information from VirusTotal in Splunk Enterprise through a VirusTotal API key. I don't know how to do it. Can anyone please help me with it?
Hi, thank you for your consideration.
I already have that app in my Splunk platform. I still couldn't work out how to use this app in my search in Splunk to extract the data.
I want to extract the registrar, creation and last update fields into my Splunk query.
Can you elaborate on it with some commands which I should use, or can you show me a sample search with VirusTotal in Splunk?
Thank you in advance.
@prajapatividhyut2
I have updated my answer with sample code which is working.
As mentioned in the app's documentation, the custom command | virustotal (bundled with this app) uses the https://www.virustotal.com/vtapi/v2/file/report endpoint to communicate with the VirusTotal API.
In which API endpoint can you see the fields below?
@prajapatividhyut2
If my answer helped you, please accept and/or upvote it!
You can try the app below.
VirusTotal Malware Lookup for Splunk
This app is used to supplement your data with information from VirusTotal.
The custom command | virustotal (bundled with this app) uses the https://www.virustotal.com/vtapi/v2/file/report endpoint to communicate with the VirusTotal API.
Example code:
| makeresults
| eval file_md5_hash="99017f6eebbac24f351415dd410d522d"
| virustotal hash=file_md5_hash
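The following is an added example and is not code from the Splunk app or from either poster. It shows what the v2 file/report endpoint named in the answer returns for one hash and how to flatten that reply into the kind of flat fields a Splunk search consumes. The reply embedded in the block is a constructed sample in the documented v2 shape (response_code, scan_date, positives, total, scans), with made-up engine names and results; `fetch_file_report` and `flatten_file_report` are names chosen here, not the app's. Note that this endpoint reports file scan results, so registrar, creation and last update fields (which are domain/WHOIS data) are not present in its reply, which is the point of the answerer's question about which endpoint carries those fields.

```python
"""Added example: flatten a VirusTotal v2 file/report reply into Splunk-style fields.
Not the Splunk app's code. The sample reply below is constructed, not a real VT response."""
import json
import os
import urllib.parse
import urllib.request

# Endpoint quoted in the answer above.
VT_FILE_REPORT_URL = "https://www.virustotal.com/vtapi/v2/file/report"

# Constructed sample in the shape of a v2 file/report reply; engine names,
# results and dates are made up. The md5 is the one used in the answer's search.
SAMPLE_REPORT = {
    "response_code": 1,
    "verbose_msg": "Scan finished, information embedded",
    "resource": "99017f6eebbac24f351415dd410d522d",
    "md5": "99017f6eebbac24f351415dd410d522d",
    "sha256": "0" * 64,  # placeholder, not a real digest
    "scan_date": "2020-01-01 00:00:00",
    "positives": 2,
    "total": 3,
    "scans": {
        "EngineA": {"detected": True, "result": "Trojan.Generic"},
        "EngineB": {"detected": False, "result": None},
        "EngineC": {"detected": True, "result": "Malware.Sample"},
    },
}


def fetch_file_report(api_key, resource, timeout=10):
    """Query the v2 file/report endpoint for one hash (network call; needs a real key).
    Returns the decoded JSON body. The key travels as a query parameter, so keep it
    in configuration rather than pasting it into saved searches or logs."""
    query = urllib.parse.urlencode({"apikey": api_key, "resource": resource})
    with urllib.request.urlopen(f"{VT_FILE_REPORT_URL}?{query}", timeout=timeout) as resp:
        return json.loads(resp.read().decode("utf-8"))


def flatten_file_report(report):
    """Reduce a v2 file/report reply to flat key/value fields for a Splunk event.
    response_code 1 = report present; 0 = hash never seen; -2 = still queued."""
    code = report.get("response_code")
    if code != 1:
        # No scan data: keep enough to tell 'unknown to VT' apart from 'detected'.
        return {
            "resource": report.get("resource"),
            "vt_found": False,
            "vt_response_code": code,
            "vt_message": report.get("verbose_msg"),
        }
    scans = report.get("scans") or {}
    # Only engines that flagged the file, as "engine:verdict", sorted for stable output.
    detections = sorted(
        f"{engine}:{info.get('result')}"
        for engine, info in scans.items()
        if info.get("detected")
    )
    positives = report.get("positives", 0)
    total = report.get("total", 0)
    return {
        "resource": report.get("resource"),
        "vt_found": True,
        "md5": report.get("md5"),
        "sha256": report.get("sha256"),
        "scan_date": report.get("scan_date"),
        "positives": positives,
        "total": total,
        "detection_ratio": f"{positives}/{total}",
        "detections": ";".join(detections),
    }


if __name__ == "__main__":
    # Offline run over the constructed sample; set VT_API_KEY to query the live endpoint.
    key = os.environ.get("VT_API_KEY")
    report = fetch_file_report(key, SAMPLE_REPORT["md5"]) if key else SAMPLE_REPORT
    print(json.dumps(flatten_file_report(report), indent=2))
```

The flattened output mirrors what you would expect the | virustotal command to add to each event (a found flag, positives/total and the per-engine verdicts); a hash VirusTotal has never seen comes back with response_code 0 and must not be read as "clean", so the function keeps that case distinct.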