analyzer: virustotal
query: ...
api_key: ...
| Name | Type | Required? | Default | Desc. |
|---|---|---|---|---|
| query | String | Yes | Domain or IP address | |
| api_key | String | No | ENV[”VIRUSTOTAL_API_KEY"] | API key |
The analyzer uses VirusTotal API v3.
An API endpoint to use is changed based on a type of a query.
<aside> 💡 Note that this analyzer only checks passive DNS data of a given query (domain or IP address). VirusTotal hunting & intelligence are not supported at the moment.
</aside>
This rule outputs the following types of artifacts.
Mihari loads your OTX API key via environment variable VIRUSTOTAL_API_KEY by default.