VirusTotal

Note: VirusTotal is one of the largest live threat feeds; it consolidates risk scores for IPs, URLs, domains, and files from a wide range of security vendors. This integration in EventLog Analyzer follows the Bring Your Own Key (BYOK) model: if you have bought VirusTotal access separately, you can use your own API key to analyze threat sources in EventLog Analyzer.

Configuration

Once you have purchased the Advanced Threat Analytics add-on and applied the license, head to the Advanced Threat Analytics page.

Navigation: Settings → Admin Settings → Management → Threat Feeds → Advanced Threat Analytics → VirusTotal → Integrate

To get the API key:

  1. Visit https://www.virustotal.com and sign up for a VirusTotal account.
  2. Sign in to VirusTotal, then go to Username → Settings → API Key to find your API key.
  3. Use the API key provided by VirusTotal for integrating with EventLog Analyzer.
  4. Paste the API key and click Connect to finish configuring VirusTotal.

Analysis

In EventLog Analyzer, users can access the data from VirusTotal through the Incident Workbench. Learn how to invoke the Incident Workbench from different dashboards of EventLog Analyzer.

Select any IP, URL, or Domain to analyze in the Workbench. You can access the following data:

  • VirusTotal Info

    This section contains the Detection Score of the threat source, which is the number of security vendors that have flagged the source as risky out of all the security vendors that analyzed it. Along with this, the basic details and the geo info of the threat source are also available.

    Click on the search icon in the top left corner to filter based on Security Vendor, Analysis Category, and Analysis Result.

    Here are the Analysis Categories:

    • Malicious
    • Suspicious
    • Harmless
    • Undetected
    • Timeout


  • Whois Info

    This section contains the Whois information of the threat source domain.

  • SSL Certificate

    This section contains details of the SSL certificate issued to the threat source, including the issuer.

  • Related Files

    This section maps the relationship of files to the IP address in the following ways:

    • Files communicating with the IP address
    • Files downloaded from the IP address
    • Files containing the IP address

  • Resolutions

    This section lists the past and current IP resolutions for a particular domain.

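The Detection Score and the vendor/category/result filter described under VirusTotal Info above, as an added Python example; it is not part of EventLog Analyzer or of VirusTotal's own code. The sample report is constructed by hand. Its field layout follows the VirusTotal API v3 object format (per-category counts in last_analysis_stats and one verdict per vendor in last_analysis_results, both under data.attributes), but the vendor names, verdicts, AS owner and the address 203.0.113.10 are invented for illustration.

```python
"""Compute a VirusTotal-style Detection Score and filter per-vendor verdicts.

Added example, not EventLog Analyzer or VirusTotal code. SAMPLE_REPORT is a
constructed object whose shape follows the VirusTotal API v3 response for an
IP lookup; every vendor, verdict and value in it is made up.
"""
from __future__ import annotations

from collections import Counter

# Analysis categories exactly as listed in the Workbench filter.
CATEGORIES = ("malicious", "suspicious", "harmless", "undetected", "timeout")
# Categories that count as "flagged the source as risky" for the score.
FLAGGED = {"malicious", "suspicious"}

# Constructed sample response (hypothetical vendors and results).
SAMPLE_REPORT = {
    "data": {
        "type": "ip_address",
        "id": "203.0.113.10",  # RFC 5737 documentation address, not a real target
        "attributes": {
            "country": "ZZ",
            "as_owner": "Example AS (constructed)",
            "last_analysis_stats": {
                "malicious": 2, "suspicious": 1, "harmless": 3,
                "undetected": 1, "timeout": 1,
            },
            "last_analysis_results": {
                "VendorA": {"category": "malicious", "result": "malware"},
                "VendorB": {"category": "malicious", "result": "phishing"},
                "VendorC": {"category": "suspicious", "result": "suspicious"},
                "VendorD": {"category": "harmless", "result": "clean"},
                "VendorE": {"category": "harmless", "result": "clean"},
                "VendorF": {"category": "harmless", "result": "clean"},
                "VendorG": {"category": "undetected", "result": "unrated"},
                "VendorH": {"category": "timeout", "result": "timeout"},
            },
        },
    }
}


def vendor_results(report: dict) -> dict[str, dict]:
    """Return the per-vendor verdict map from a v3-shaped object."""
    return report["data"]["attributes"]["last_analysis_results"]


def detection_score(report: dict) -> tuple[int, int]:
    """Return (flagged, total): vendors rating the source risky out of all vendors.

    The score is counted from the per-vendor results and then cross-checked
    against the summary stats, so a truncated or inconsistent response raises
    instead of silently under-reporting the score.
    """
    counts = Counter(r["category"] for r in vendor_results(report).values())
    stats = report["data"]["attributes"]["last_analysis_stats"]
    for cat in CATEGORIES:
        if counts.get(cat, 0) != stats.get(cat, 0):
            raise ValueError(f"stats/results mismatch for category {cat!r}")
    flagged = sum(counts[c] for c in FLAGGED)
    return flagged, sum(counts.values())


def filter_results(report: dict, vendor: str | None = None,
                   category: str | None = None,
                   result: str | None = None) -> list[str]:
    """Mirror the Workbench search: filter by Security Vendor, Analysis Category
    and Analysis Result. Vendor and result match as case-insensitive substrings;
    category must match exactly. Returns the matching vendor names, sorted."""
    if category is not None and category not in CATEGORIES:
        raise ValueError(f"unknown category {category!r}")
    matches = []
    for name, r in vendor_results(report).items():
        if vendor and vendor.lower() not in name.lower():
            continue
        if category and r["category"] != category:
            continue
        if result and result.lower() not in (r.get("result") or "").lower():
            continue
        matches.append(name)
    return sorted(matches)


def summarize(report: dict) -> str:
    """One-line summary in the spirit of the VirusTotal Info panel."""
    flagged, total = detection_score(report)
    attrs = report["data"]["attributes"]
    return (f"{report['data']['id']}: {flagged}/{total} vendors flagged; "
            f"country={attrs.get('country')} as_owner={attrs.get('as_owner')}")


if __name__ == "__main__":
    print(summarize(SAMPLE_REPORT))
    print("malicious:", filter_results(SAMPLE_REPORT, category="malicious"))
    print("clean results:", filter_results(SAMPLE_REPORT, result="clean"))
```

With a live lookup the same parsing applies to the JSON returned for an IP, URL or domain object; the BYOK key is sent in the request's x-apikey header. Counting the score from the per-vendor list and reconciling it with last_analysis_stats is a cheap check that the response an analyst is looking at is complete.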

Copyright © 2020, ZOHO Corp. All Rights Reserved.