Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Why virustotal doesn't fill in values?

bt149
Path Finder
‎08-09-2023 09:50 AM

Using the "virustotal" cmd and it appears that if there are multiple events that have the same file_hash that only one of the events will "populate" the field/values from the virustotal cmd.  I can't post events.

Example would be:

event 1:

_time=08/06/2023 07:00:00
dest=abc1
file_hash=45vv678
file_name=badguy.dll
file_path=my_path 
vt_* will be populated


event 2:

_time=08/06/2023 07:150:00
dest=abc2
file_hash=45vv678
file_name=badguy.dll
file_path=my_path
vt_* - nothing will be populated


event 3:

_time=08/06/2023 07:30:00
dest=abc3
file_hash=45vv678
file_name=badguy.dll
file_path=my_path
vt_* - nothing will be populated

I know the spl is fine as if I were to change the time picker to that of just the 2nd or 3rd event, all the vt_ fields would be populated.  It looks like this is the expected behavior.  Thanks in advance.

Tags (1)
0 Karma
Reply

VatsalJagani
SplunkTrust
SplunkTrust
‎08-14-2023 12:40 AM

@bt149 - I'm sure you are using a custom App here as mentioned by @yuanliu 

Kindly post your search query here (you can hide sensitive data if any in the SPL). And then we might spot any issues if any.

 

0 Karma
Reply

yuanliu
SplunkTrust
SplunkTrust
‎08-11-2023 05:34 PM

There is no virustotal command in Search Commands.  If you are using a special app that provides this command, you should go to that app's forum for help.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Mobile: Your Brand-New Home Screen

Meet Your New Mobile Hub  Hello Splunk Community!  Staying connected to your data—no matter where you are—is ...

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Real progress on your strategic priorities starts with knowing the business outcomes your teams are delivering ...

Enterprise Security (ES) Essentials 8.3 is Now GA — Smarter Detections, Faster ...

As of today, Enterprise Security (ES) Essentials 8.3 is now generally available, helping SOC teams simplify ...