analyzer: virustotal_intelligence
query: ...
api_key: ...
| Name | Type | Required? | Default | Desc. |
|---|---|---|---|---|
| query | String | Yes | Search query | |
| api_key | String | No | ENV[”VIRUSTOTAL_API_KEY"] | API key |
The analyzer uses VirusTotal API v3.
IP addresses, domains, URLs or hashes matched with a query are treated as artifacts.
<aside> 💡 Note that this analyzer consumes VirusTotal Intelligence quota. Also, you need special privileges (contract with VT) to use this analyzer.
</aside>
This rule outputs the following types of artifacts.
The type is determined based on a query. For example, if you set entity:ip ,the output will be a list of IP addresses.
Mihari loads your VirusTotal API key via environment variable VIRUSTOTAL_API_KEY by default.