
    VirusTotal

    Note: VirusTotal is one of the largest live threat feeds; it consolidates risk scores for IPs, URLs, domains, and files from a wide range of security vendors. This integration in EventLog Analyzer follows the Bring Your Own Key (BYOK) model: if you have bought VirusTotal access separately, you can use your own API key to analyze threat sources in EventLog Analyzer.

    Configuration

    Once you have purchased the Advanced Threat Analytics add-on and applied the license, head to the Advanced Threat Analytics page.

    Navigation: Settings → Admin Settings → Management → Threat Feeds → Advanced Threat Analytics → VirusTotal → Integrate


    To get the API key:

    1. Visit https://www.virustotal.com and sign up for a VirusTotal account.
    2. Sign in to VirusTotal and find your API key under Username → Settings → API Key.
    3. Use the API key provided by VirusTotal to integrate with EventLog Analyzer.
    4. Paste the API key and click Connect to finish configuring VirusTotal.

    Analysis

    In EventLog Analyzer, users can access the data from VirusTotal through the Incident Workbench. Learn how to invoke the Incident Workbench from the different dashboards of EventLog Analyzer.


    Select any IP, URL, or Domain to analyze in the Workbench. You can access the following data:

    • VirusTotal Info

      This section contains the Detection Score of the threat source: the number of security vendors that flagged the source as risky, out of all the security vendors that analyzed it. The basic details and the geo info of the threat source are also shown here.


      Click on the search icon in the top left corner to filter based on Security Vendor, Analysis Category, and Analysis Result.


      Here are the Analysis Categories:

      • Malicious
      • Suspicious
      • Harmless
      • Undetected
      • Timeout


    • Whois Info

      This section contains the Whois information of the threat source domain.


    • SSL Certificate

      This section contains details of the SSL certificate issued to the threat source, including its issuer.


    • Related Files

      This section maps the relationship between files and the IP address in the following ways:

      • Files communicating with the IP address
      • Files downloaded from the IP address
      • Files containing the IP address


    • Resolutions

      This section lists the past and current IP resolutions for a particular domain.
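    As an added illustration (not part of the EventLog Analyzer documentation or product code), the following Python reproduces the Detection Score and the Security Vendor / Analysis Category / Analysis Result filters described above over a constructed response in the shape VirusTotal's API v3 returns for an IP address. The vendor names and verdicts are made up, and treating both "malicious" and "suspicious" verdicts as "flagged as risky" is an assumption.

```python
import json
from collections import Counter

# Constructed sample in the shape of a VirusTotal API v3 object (its
# last_analysis_stats / last_analysis_results attributes); vendor names,
# verdicts and the IP are made up for illustration.
SAMPLE_VT_RESPONSE = json.dumps({"data": {"type": "ip_address", "id": "203.0.113.10",
    "attributes": {
        "last_analysis_stats": {"harmless": 3, "malicious": 2, "suspicious": 1,
                                "undetected": 1, "timeout": 1},
        "last_analysis_results": {
            "VendorA": {"category": "malicious", "result": "malware"},
            "VendorB": {"category": "malicious", "result": "phishing"},
            "VendorC": {"category": "suspicious", "result": "suspicious"},
            "VendorD": {"category": "harmless", "result": "clean"},
            "VendorE": {"category": "harmless", "result": "clean"},
            "VendorF": {"category": "harmless", "result": "clean"},
            "VendorG": {"category": "undetected", "result": "unrated"},
            "VendorH": {"category": "timeout", "result": None}}}}})

CATEGORIES = ("malicious", "suspicious", "harmless", "undetected", "timeout")
RISKY = {"malicious", "suspicious"}  # assumption: what "flagged as risky" means


def parse_results(raw_json):
    """Extract the per-vendor verdict map from a VirusTotal v3 response."""
    return json.loads(raw_json)["data"]["attributes"]["last_analysis_results"]


def detection_score(results):
    """Detection Score as (vendors flagging the source as risky, total vendors)."""
    risky = sum(1 for r in results.values() if r.get("category") in RISKY)
    return risky, len(results)


def category_counts(results):
    """Count vendors per Analysis Category; categories nobody reported count as 0."""
    counts = Counter(r.get("category") for r in results.values())
    return {c: counts.get(c, 0) for c in CATEGORIES}


def filter_results(results, vendor=None, category=None, result=None):
    """Workbench-style filter on Security Vendor, Analysis Category and Analysis
    Result (case-insensitive); a timed-out vendor has no result string."""
    return {name: r for name, r in results.items()
            if (not vendor or name.lower() == vendor.lower())
            and (not category or r.get("category") == category)
            and (not result or (r.get("result") or "").lower() == result.lower())}


def stats_consistent(raw_json):
    """Sanity check: per-vendor counts must agree with VirusTotal's summary stats."""
    attrs = json.loads(raw_json)["data"]["attributes"]
    return category_counts(attrs["last_analysis_results"]) == attrs["last_analysis_stats"]
```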

