Splunk Enterprise Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to merge Virus total application information with Splunk search query?

prajapatividhy1
New Member
‎09-05-2019 08:46 AM

Hi, I am trying to get the some information from virus total in splunk enterprise through Virus total API Key. I don't know how to do it ? Can anyone please help me with it ?

0 Karma
Reply

prajapatividhy1
New Member
‎09-06-2019 06:21 AM

HI thank you for consideration.
I already have that APP. in my Splunk platform. I still couldn't get how to use this APP. for my search in splunk to extract the data.
I wants to extract the registrar field, Creation and Last update fields into my Splunk query.
Can you elaborate it with some commands which i should use or Can you show me the sample search with virus total into Splunk?

Thank you in Advance.

0 Karma
Reply

jawaharas
Motivator
‎09-09-2019 06:58 PM

@prajapatividhyut2

I have updated my answer with sample code which is working.

As mentioned in the app's documentation , the custom command | virustotal (bundled with this app) uses the https://www.virustotal.com/vtapi/v2/file/report endpoint to communicate with the VirusTotal API.

In which API endpoint you can see below fields?

  • Registrar field
  • Creation and Last fields
  • Update field
0 Karma
Reply

jawaharas
Motivator
‎09-15-2019 08:37 AM

@prajapatividhyut2

If my answer helped you, please accept and/or upvote it!

0 Karma
Reply

jawaharas
Motivator
‎09-06-2019 12:13 AM

You can try below App.

VirusTotal Malware Lookup for Splunk

This app is used to supplement your data with information from VirusTotal.
The custom command | virustotal (bundled with this app) uses the https://www.virustotal.com/vtapi/v2/file/report endpoint to communicate with the VirusTotal API.

Example code:

| makeresults
| eval file_md5_hash="99017f6eebbac24f351415dd410d522d"
| virustotal hash=file_md5_hash
0 Karma
Reply
Get Updates on the Splunk Community!

Get Operational Insights Quickly with Natural Language on the Splunk Platform

In today’s fast-paced digital world, turning data into actionable insights is essential for success. With ...

What’s New in Splunk Observability Cloud – June 2025

What’s New in Splunk Observability Cloud – June 2025 We are excited to announce the latest enhancements to ...

Almost Too Eventful Assurance: Part 2

Work While You SleepBefore you can rely on any autonomous remediation measures, you need to close the loop ...
Top