
Enrich your TrendAI Vision One™ detections with VirusTotal threat intelligence.

The VirusTotal integration enriches your TrendAI Vision One™ detections with threat intelligence from VirusTotal. An indicator of compromise (IOC) is an observable artifact, such as a file hash, URL, domain, or IP address, that can signal malicious activity on a host or network. When TrendAI Vision One™ encounters an IOC in your detection data, it looks up the indicator using the VirusTotal Public API and adds the returned threat intelligence, such as detection verdicts and reputation data, to the detection.
TrendAI Vision One™ can look up the following IOC types in VirusTotal:
  • File hashes (SHA-1)
  • URLs
  • Domains
  • IP addresses
The integration does not import VirusTotal indicators into TrendAI Vision One™ as a separate threat intelligence feed or suspicious object list.

Procedure

  1. Sign in to your VirusTotal Community account.
    To sign up for a VirusTotal Community account, click New? Join the community.
  2. Click your account profile picture at the top right and select API key from the list.
  3. Copy the VirusTotal Public API key and save a copy for your records.
  4. On the TrendAI Vision One™ console, go to Third-Party Intelligence > VirusTotal Public API.
  5. Enable VirusTotal Public API.
  6. Specify the VirusTotal API key.
  7. Click Test Connection to confirm that the integration has connected successfully.
  8. Specify the number of hours for results caching (TTL).
  9. Select Set maximum lookups triggered by TrendAI Vision One™ and specify the number and frequency of maximum lookups.
  10. Click Save.
    Your TrendAI Vision One™ detections are now enriched with VirusTotal threat intelligence.
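
The following is an added example, not code from the product or from VirusTotal. It shows how each supported IOC type maps to a VirusTotal lookup URL, and how a results cache (step 8) and a lookup cap (step 9) together decide whether an indicator consumes API quota. It assumes the VirusTotal API v3 endpoints and IPv4 addresses only; `vt_endpoint`, `LookupGate`, and the `cached`/`over_cap`/`lookup` outcomes are hypothetical names, and the page does not state what the product does with indicators that exceed the cap.

```python
import base64
import ipaddress
import re

VT_BASE = "https://www.virustotal.com/api/v3"  # VirusTotal API v3 base URL (assumed)


def vt_endpoint(ioc: str) -> str:
    """Map one IOC (SHA-1, URL, IPv4 address or domain) to an API v3 lookup URL."""
    ioc = ioc.strip()
    if re.fullmatch(r"[0-9a-fA-F]{40}", ioc):             # SHA-1 file hash
        return f"{VT_BASE}/files/{ioc.lower()}"
    if re.match(r"^https?://", ioc, re.I):                # URL
        # v3 URL identifier: URL-safe base64 of the URL with '=' padding stripped
        url_id = base64.urlsafe_b64encode(ioc.encode()).decode().rstrip("=")
        return f"{VT_BASE}/urls/{url_id}"
    try:
        return f"{VT_BASE}/ip_addresses/{ipaddress.IPv4Address(ioc)}"
    except ValueError:
        pass                                              # not an IPv4 address
    if re.fullmatch(r"(?=.{1,253}$)([a-z0-9-]{1,63}\.)+[a-z]{2,63}", ioc, re.I):
        return f"{VT_BASE}/domains/{ioc.lower()}"
    raise ValueError(f"unsupported IOC: {ioc!r}")


class LookupGate:
    """Hypothetical model of a cache TTL plus a maximum-lookups setting."""

    def __init__(self, ttl_hours: float, max_lookups: int, window_seconds: float):
        self.ttl = ttl_hours * 3600        # results caching (TTL), in seconds
        self.max_lookups = max_lookups     # lookups allowed per window
        self.window = window_seconds       # length of the window, in seconds
        self.cached_at = {}                # endpoint -> time of last lookup
        self.sent = []                     # timestamps of lookups in the window

    def decide(self, ioc: str, now: float) -> str:
        key = vt_endpoint(ioc)
        if key in self.cached_at and now - self.cached_at[key] < self.ttl:
            return "cached"                # result reused, no API quota consumed
        self.sent = [t for t in self.sent if now - t < self.window]
        if len(self.sent) >= self.max_lookups:
            return "over_cap"              # cap reached; nothing sent, nothing cached
        self.sent.append(now)
        self.cached_at[key] = now
        return "lookup"                    # one request against the API key's quota
```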