VirusTotal + D3 Morpheus
Seamlessly Integrate Threat Intelligence
VirusTotal is a service that aggregates more than 70 antivirus products and online scan engines to check uploaded files and URLs for viruses and verify against false positives. With D3’s VirusTotal integration, you can automate that entire process to ensure that your analysts have the information they need for every incident.
Benefits and Capabilities
Most organizations have access to lots of threat intelligence, but struggle to translate that into better security operations. With Morpheus’s Event Pipeline, you can seamlessly incorporate intelligence from VirusTotal into event-level triage, and further enrich validated incidents during investigations.
- Automatically enrich alerts with VirusTotal intelligence
- Use VirusTotal data to inform reputation and prioritization scoring in Morpheus
- Build a repository of hashes, IP addresses, and domain names in Morpheus
Use Case
Automated Hash Lookups
Analysts are expected to rapidly investigate incidents without compromising the process. For many, this means manually cross-referencing and copying hashes and other data from VirusTotal. Over a year in a SOC, this means hundreds of hours per analyst plus some degree of human error. Morpheus automatically populates the incident record with hashes and other relevant data.
- Search through the Morpheus console to instantly bring over additional field-data
- Automate IOC lookups through Morpheus’s event-level playbooks
- Easily change integration parameters via the admin tool
Use Case
Potential Phishing Analysis
When a potential phishing email is escalated to Morpheus, either through an email protection system or manually by the recipient, Morpheus extracts the sender’s domain and the URL of any links in the message. Morpheus then uses VirusTotal or another integrated service to retrieve the IP address associated with the sender and/or URL. Based on the result, the Morpheus user can then trigger a response playbook.
- Orchestrate actions like blocking IPs, blacklisting senders, and notifying email recipients
- Integrate with email systems to find and delete other emails in a phishing campaign
- If the risk score is deemed low, the incident can be closed as a false positive
Why Morpheus?
Joint users of VirusTotal and D3 Morpheus don’t just get automated threat intelligence enrichment and analysis; they also get the countless other features that make Morpheus the leading independent AI-driven SOC solution, including:
- Expert-built codeless integrations across the stack
- Tier 1–3 automation, based on deep research into the capabilities of common tools
- The Hyperpipe, which reduces alert volume by up to 98%
- Cross-dimension correlation, which acts across tools, timeframes, TTPs, and artifacts
VirusTotal Integration: Summary
Integrations Done the Right Way
An unlimited number of pre-built integrations, expertly maintained by the largest technical team in security automation. Thoroughly researched, tested and built—and delivered for free. Always.