VirusTotal + D3 Smart SOAR
Seamlessly Integrate Threat Intelligence
VirusTotal is a service that aggregates more than 70 antivirus products and online scan engines to check uploaded files and URLs for viruses and verify against false positives. With D3’s VirusTotal integration, you can automate that entire process to ensure that your analysts have the information they need for every incident.
Benefits and Capabilities
Most organizations have access to lots of threat intelligence, but struggle to translate that into better security operations. With Smart SOAR’s Event Pipeline, you can seamlessly incorporate intelligence from VirusTotal into event-level triage, and further enrich validated incidents during investigations.
- Automatically enrich alerts with VirusTotal intelligence
- Use VirusTotal data to inform reputation and prioritization scoring in Smart SOAR
- Build a repository of hashes, IP addresses, and domain names in Smart SOAR
Use Case
Automated Hash Lookups
Analysts are expected to rapidly investigate incidents without compromising the process. For many, this means manually cross-referencing and copying hashes and other data from VirusTotal. Over a year in a SOC, this means hundreds of hours per analyst plus some degree of human error. Smart SOAR automatically populates the incident record with hashes and other relevant data.
- Search through the Smart SOAR console to instantly bring over additional field-data
- Automate IOC lookups through Smart SOAR’s event-level playbooks
- Easily change integration parameters via the admin tool
Use Case
Potential Phishing Analysis
When a potential phishing email is escalated to Smart SOAR, either through an email protection system or manually by the recipient, Smart SOAR extracts the sender’s domain and the URL of any links in the message. Smart SOAR then uses VirusTotal or another integrated service to retrieve the IP address associated with the sender and/or URL. Based on the result, the Smart SOAR user can then trigger a response playbook.
- Orchestrate actions like blocking IPs, blacklisting senders, and notifying email recipients
- Integrate with email systems to find and delete other emails in a phishing campaign
- If the risk score is deemed low, the incident can be closed as a false positive
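The extraction step described above, as an added example that is not D3's or VirusTotal's code: it pulls the sender's domain and link URLs from a constructed sample message and builds the lookup paths for them. The `/api/v3/domains/` and `/api/v3/urls/` paths and the unpadded base64 URL identifier follow VirusTotal's public API v3; the function names and sample message are assumptions, and no network call is made.

```python
import base64
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not real traffic); all hosts use the reserved .example TLD.
SAMPLE_EML = """\
From: "IT Helpdesk" <support@mail.sender.example>
Subject: Password expiry notice
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Reset here: http://login.portal.example/reset?id=42.
--b1
Content-Type: text/html; charset="utf-8"

<a href="http://login.portal.example/reset?id=42">Reset</a>
<a href="https://cdn.portal.example/a.png">logo</a>
--b1--
"""

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def extract_indicators(raw_eml):
    """Return (sender_domain, unique_urls) from every text/* part of the message."""
    msg = message_from_string(raw_eml)
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    urls = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue  # skip multipart containers and attachments
        payload = part.get_payload(decode=True) or b""
        text = payload.decode(part.get_content_charset() or "utf-8", "replace")
        for url in URL_RE.findall(text):
            url = url.rstrip(".,;:)")  # drop sentence punctuation glued to the link
            if url not in urls:
                urls.append(url)
    return sender_domain, urls

def vt_url_id(url):
    # VirusTotal API v3 URL identifier: URL-safe base64 of the URL, padding stripped
    return base64.urlsafe_b64encode(url.encode()).decode().rstrip("=")

def lookup_queue(raw_eml):
    # Ordered list of API paths an enrichment step would request for this message
    domain, urls = extract_indicators(raw_eml)
    return [f"/api/v3/domains/{domain}"] + [f"/api/v3/urls/{vt_url_id(u)}" for u in urls]
```

The From header is set by the sender, so the extracted domain is a lookup key for enrichment rather than proof of origin.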
Why Smart SOAR?
Joint users of VirusTotal and D3 Smart SOAR don’t just get automated threat intelligence enrichment and analysis; they also get the countless other features that make Smart SOAR the leading independent SOAR solution, including:
- Expert-built codeless integrations across the stack
- Tier 1–3 automation, based on deep research into the capabilities of common tools
- The Event Pipeline, which reduces alert volume by up to 98%
- Cross-dimension correlation, which acts across tools, timeframes, TTPs, and artifacts
VirusTotal Integration: Summary
Integrations Done the Right Way
An unlimited number of pre-built integrations, expertly maintained by the largest technical team in security automation. Thoroughly researched, tested and built—and delivered for free. Always.