Splunk Enterprise Security

How to merge VirusTotal application information with a Splunk search query?

prajapatividhy1
New Member

Hi, I am trying to get some information from VirusTotal in Splunk Enterprise through a VirusTotal API key. I don't know how to do it. Can anyone please help me with it?

0 Karma

prajapatividhy1
New Member

Hi, thank you for your consideration.
I already have that app in my Splunk platform. I still couldn't work out how to use this app in my search in Splunk to extract the data.
I want to extract the registrar, creation and last update fields into my Splunk query.
Can you elaborate with some commands which I should use, or can you show me a sample search with VirusTotal in Splunk?

Thank you in Advance.

0 Karma

jawaharas
Motivator

@prajapatividhyut2

I have updated my answer with sample code which is working.

As mentioned in the app's documentation, the custom command | virustotal (bundled with this app) uses the https://www.virustotal.com/vtapi/v2/file/report endpoint to communicate with the VirusTotal API.

In which API endpoint can you see the fields below?

  • Registrar field
  • Creation and Last fields
  • Update field
0 Karma

jawaharas
Motivator

@prajapatividhyut2

If my answer helped you, please accept and/or upvote it!

0 Karma

jawaharas
Motivator

You can try the app below.

VirusTotal Malware Lookup for Splunk

This app is used to supplement your data with information from VirusTotal.
The custom command | virustotal (bundled with this app) uses the https://www.virustotal.com/vtapi/v2/file/report endpoint to communicate with the VirusTotal API.

Example code:

| makeresults
| eval file_md5_hash="99017f6eebbac24f351415dd410d522d"
| virustotal hash=file_md5_hash
0 Karma
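The answer above names the v2 file/report endpoint behind | virustotal, and the follow-up asks which endpoint exposes registrar, creation and last update fields. The following Python is an added example for both points; it is not code from the VirusTotal Malware Lookup app or from VirusTotal. It builds the file/report request the command has to issue, flattens a report into vt_* fields the way a Splunk custom command would emit them, and parses registrar/creation/update values out of a v2 domain/report response, where they exist only inside the free-text whois string. The domain/report endpoint and its domain parameter, the WHOIS label patterns, and all sample JSON are assumptions or constructed data, not real VirusTotal output.

```python
"""Added example, not the app's own code: what `| virustotal` must do against
the v2 file/report endpoint, and where WHOIS-style fields live in v2.
All JSON below is constructed sample data, not real VirusTotal output."""
import json
import re
from urllib.parse import urlencode

VT_V2_BASE = "https://www.virustotal.com/vtapi/v2"


def build_report_url(api_key, resource, kind="file"):
    """Build the GET URL for a v2 report lookup.

    kind="file"   -> /file/report, parameter `resource` (md5/sha1/sha256)
    kind="domain" -> /domain/report, parameter `domain`
    Only the file endpoint is named on the page; the domain endpoint and its
    parameter name are taken from the v2 API docs (an assumption here).
    Only the hash or name leaves your environment, never the file itself.
    """
    if kind == "file":
        return f"{VT_V2_BASE}/file/report?" + urlencode({"apikey": api_key, "resource": resource})
    if kind == "domain":
        return f"{VT_V2_BASE}/domain/report?" + urlencode({"apikey": api_key, "domain": resource})
    raise ValueError(f"unsupported report kind: {kind}")


def flatten_file_report(body):
    """Turn a v2 file/report JSON body into flat vt_* fields for Splunk."""
    report = json.loads(body) if isinstance(body, str) else body
    # response_code 0: VirusTotal has never seen the hash; -2: still queued.
    if report.get("response_code") != 1:
        return {"vt_response_code": report.get("response_code"),
                "vt_verbose_msg": report.get("verbose_msg", "")}
    scans = report.get("scans", {})
    detected = sorted(name for name, r in scans.items() if r.get("detected"))
    return {
        "vt_response_code": 1,
        "vt_positives": report["positives"],
        "vt_total": report["total"],
        "vt_scan_date": report["scan_date"],
        "vt_sha256": report["sha256"],
        "vt_permalink": report["permalink"],
        # Comma-joined so Splunk can split it with makemv.
        "vt_detected_engines": ",".join(detected),
    }


# WHOIS labels differ by registry; these patterns are an assumption covering
# common gTLD forms. Extend the lists for the TLDs you need.
_WHOIS_FIELDS = {
    "vt_registrar": [r"^Registrar:\s*(.+)$", r"^Sponsoring Registrar:\s*(.+)$"],
    "vt_creation_date": [r"^Creation Date:\s*(.+)$", r"^Registered on:\s*(.+)$"],
    "vt_last_update": [r"^Updated Date:\s*(.+)$", r"^Last updated on:\s*(.+)$"],
}


def parse_domain_report(body):
    """Extract registrar / creation / last-update fields from v2 domain/report.

    v2 returns WHOIS as one free-text `whois` string, so the fields must be
    regex-parsed out of it; there is no structured registrar key in v2.
    """
    report = json.loads(body) if isinstance(body, str) else body
    if report.get("response_code") != 1:
        return {"vt_response_code": report.get("response_code")}
    whois = report.get("whois", "")
    out = {"vt_response_code": 1}
    for field, patterns in _WHOIS_FIELDS.items():
        for pat in patterns:
            m = re.search(pat, whois, flags=re.MULTILINE | re.IGNORECASE)
            if m:
                out[field] = m.group(1).strip()
                break
    return out


# Constructed sample responses (shape follows the v2 API; values are made up).
SAMPLE_FILE_REPORT = {
    "response_code": 1,
    "verbose_msg": "Scan finished, information embedded",
    "resource": "99017f6eebbac24f351415dd410d522d",
    "md5": "99017f6eebbac24f351415dd410d522d",
    "sha256": "0" * 64,
    "scan_date": "2019-01-01 00:00:00",
    "positives": 2,
    "total": 3,
    "permalink": "https://www.virustotal.com/file/example/analysis/",
    "scans": {
        "EngineA": {"detected": True, "result": "Trojan.Generic"},
        "EngineB": {"detected": False, "result": None},
        "EngineC": {"detected": True, "result": "Malware.Sample"},
    },
}

SAMPLE_DOMAIN_REPORT = {
    "response_code": 1,
    "whois": "Domain Name: EXAMPLE.COM\nRegistrar: Example Registrar, Inc.\n"
             "Creation Date: 1995-08-14T04:00:00Z\nUpdated Date: 2019-08-14T07:04:41Z\n",
}

if __name__ == "__main__":
    print(build_report_url("<apikey>", "99017f6eebbac24f351415dd410d522d"))
    print(flatten_file_report(SAMPLE_FILE_REPORT))
    print(parse_domain_report(SAMPLE_DOMAIN_REPORT))
```

Two practical notes when wiring this into a search: dedup the hashes or domains before the lookup, because a public v2 API key is quota-limited (4 requests per minute), and keep the API key in the app's configuration rather than typing it into SPL, where it would land in the search history and audit logs.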