Splunk Enterprise Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to merge Virus total application information with Splunk search query?

prajapatividhy1
New Member
‎09-05-2019 08:46 AM

Hi, I am trying to get the some information from virus total in splunk enterprise through Virus total API Key. I don't know how to do it ? Can anyone please help me with it ?

0 Karma
Reply

prajapatividhy1
New Member
‎09-06-2019 06:21 AM

HI thank you for consideration.
I already have that APP. in my Splunk platform. I still couldn't get how to use this APP. for my search in splunk to extract the data.
I wants to extract the registrar field, Creation and Last update fields into my Splunk query.
Can you elaborate it with some commands which i should use or Can you show me the sample search with virus total into Splunk?

Thank you in Advance.

0 Karma
Reply

jawaharas
Motivator
‎09-09-2019 06:58 PM

@prajapatividhyut2

I have updated my answer with sample code which is working.

As mentioned in the app's documentation , the custom command | virustotal (bundled with this app) uses the https://www.virustotal.com/vtapi/v2/file/report endpoint to communicate with the VirusTotal API.

In which API endpoint you can see below fields?

  • Registrar field
  • Creation and Last fields
  • Update field
0 Karma
Reply

jawaharas
Motivator
‎09-15-2019 08:37 AM

@prajapatividhyut2

If my answer helped you, please accept and/or upvote it!

0 Karma
Reply

jawaharas
Motivator
‎09-06-2019 12:13 AM

You can try below App.

VirusTotal Malware Lookup for Splunk

This app is used to supplement your data with information from VirusTotal.
The custom command | virustotal (bundled with this app) uses the https://www.virustotal.com/vtapi/v2/file/report endpoint to communicate with the VirusTotal API.

Example code:

| makeresults
| eval file_md5_hash="99017f6eebbac24f351415dd410d522d"
| virustotal hash=file_md5_hash
0 Karma
Reply
Get Updates on the Splunk Community!

Developer Spotlight with William Searle

The Splunk Guy: A Developer’s Path from Web to Cloud William is a Splunk Professional Services Consultant with ...

Major Splunk Upgrade – Prepare your Environment for Splunk 10 Now!

Attention App Developers: Test Your Apps with the Splunk 10.0 Beta and Ensure Compatibility Before the ...

Stay Connected: Your Guide to June Tech Talks, Office Hours, and Webinars!

What are Community Office Hours?Community Office Hours is an interactive 60-minute Zoom series where ...
Top