VirusTotal
IOC enrichment — look up file hashes, IP addresses, domains, and URLs for threat intelligence
The VirusTotal integration lets agents look up indicators of compromise (IOCs) during security investigations. Agents check file hashes, IPs, domains, and URLs against VirusTotal's threat intelligence database.
Capabilities
With VirusTotal connected, agents can:
- Hash lookup — check file hashes (MD5, SHA1, SHA256) against known malware signatures
- IP reputation — check IP addresses for malicious activity, geolocation, and hosting info
- Domain analysis — look up domains for malware associations, WHOIS, and DNS records
- URL scanning — check URLs for known threats and phishing indicators
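What the four lookup types above amount to at the API level, as an added example that is not this product's own code: it classifies an indicator (undoing common defanging such as `hxxp` and `[.]`) and builds the matching VirusTotal API v3 request URL without making a network call. The function names are hypothetical and the sample indicators are constructed.

```python
import base64
import ipaddress
import re

VT_API = "https://www.virustotal.com/api/v3"  # v3 base; requests carry the key in an x-apikey header
HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}  # hex digest length -> hash type
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")


def refang(ioc: str) -> str:
    """Undo common defanging (hxxp, [.], (.), [:]) used in reports and tickets."""
    ioc = ioc.strip().replace("[.]", ".").replace("(.)", ".").replace("[:]", ":")
    return re.sub(r"^hxxp", "http", ioc, flags=re.IGNORECASE)


def classify(ioc: str) -> tuple[str, str]:
    """Return (kind, normalized_value); raise ValueError for unknown input."""
    value = refang(ioc)
    if re.fullmatch(r"[0-9a-fA-F]+", value) and len(value) in HASH_LENGTHS:
        return HASH_LENGTHS[len(value)], value.lower()
    try:
        return "ip", str(ipaddress.ip_address(value))
    except ValueError:
        pass
    if re.match(r"^https?://", value, flags=re.IGNORECASE):
        return "url", value
    host = value.lower().rstrip(".")
    if DOMAIN_RE.match(host):
        return "domain", host
    raise ValueError(f"unrecognized indicator: {ioc!r}")


def vt_lookup_url(ioc: str) -> str:
    """Build the VirusTotal v3 GET URL for an indicator (no network call)."""
    kind, value = classify(ioc)
    if kind in HASH_LENGTHS.values():
        return f"{VT_API}/files/{value}"
    if kind == "ip":
        return f"{VT_API}/ip_addresses/{value}"
    if kind == "domain":
        return f"{VT_API}/domains/{value}"
    # URL identifier: unpadded URL-safe base64 of the URL string.
    url_id = base64.urlsafe_b64encode(value.encode()).decode().rstrip("=")
    return f"{VT_API}/urls/{url_id}"


if __name__ == "__main__":
    for sample in ("192.0.2[.]10", "Example[.]COM", "hxxps://example[.]com/login"):  # constructed
        print(sample, "->", vt_lookup_url(sample))
```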
Used By
The BOTS Hunter agent uses VirusTotal for IOC enrichment during security investigations. You can also attach VirusTotal to any custom agent that handles threat analysis.
Setup
- Go to Settings → Integrations → VirusTotal.
- Enter your VirusTotal API key.
- Test and save.
Agents automatically use VirusTotal when investigating IOCs.