VirusTotal is a service that aggregates more than 70 antivirus products and online scan engines to check uploaded files and URLs for viruses and verify against false positives. The results of scans are shared, helping to raise the global IT security level.
Smart SOAR Integration
With cyberattacks and the skills gap getting worse, SOCs can no longer afford to have analysts manually coordinate contextual data. Many analysts personally copy-and-paste hashes hundreds of times per day in order to check their reputation. With D3’s VirusTotal integration, you can automate that entire process to ensure that your analysts have the information they need for every incident.
Automatically enrich alerts with VirusTotal intelligence
Use VirusTotal data to inform reputation and prioritization scoring in Smart SOAR
Build a repository of hashes, IP addresses, and domain names in Smart SOAR
Benefit from flexible configuration options
Key Use Cases
Automated Hash Lookups
Analysts are expected to rapidly investigate incidents without compromising the process. For many, this means manually cross-referencing and copying hashes and other data from VirusTotal. Over a year in a SOC, this means hundreds of hours per analyst plus some degree of human error. Smart SOAR automatically populates the incident record with hashes and other relevant data. An analyst can search through the Smart SOAR console and instantly bring over additional field data. Plus, it's agile. You can change the integration parameters via our easy-to-use admin tool.
Potential Phishing Analysis
When a potential phishing email is escalated to Smart SOAR, either through an email protection system or manually by the recipient, Smart SOAR extracts the sender’s domain and the URL of any links in the message. Smart SOAR then uses VirusTotal or another integrated service to retrieve the IP address associated with the sender and/or URL. Based on the result, the Smart SOAR user can then trigger a response playbook to block the IP, blacklist the sender, notify the email recipient, and orchestrate any other appropriate actions. If the risk score is deemed low, the incident can be closed as a false positive.
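The extraction step described above, sketched as an added example (not D3's or Smart SOAR's code): it parses an escalated message, pulls out the sender's domain and link URLs, and builds the VirusTotal API v3 paths an enrichment step would query. The sample message, its example.* names and the function names are constructed for illustration; no network call is made.

```python
import base64, html, re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed sample message; the example.* names are placeholders, not real indicators.
SAMPLE_EML = """\
From: "IT Support" <helpdesk@mail.example.net>
To: user@example.com
Subject: Password expires today
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>Reset here: <a href="http://login.example.org/reset?id=42">portal</a>
or visit https://login.example.org/help.</p>
"""

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def vt_url_id(url):
    """VirusTotal API v3 URL identifier: URL-safe base64 of the URL, padding stripped."""
    return base64.urlsafe_b64encode(url.encode()).decode().rstrip("=")

def extract_observables(raw_eml):
    """Return the sender's domain plus every link URL and host found in text parts."""
    msg = message_from_string(raw_eml, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1]
    urls = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        # get_content() undoes quoted-printable/base64; unescape turns &amp; back into &
        for url in URL_RE.findall(html.unescape(part.get_content())):
            url = url.rstrip(".,;)")          # drop trailing sentence punctuation
            if url not in urls:
                urls.append(url)
    hosts = sorted({urlsplit(u).hostname for u in urls if urlsplit(u).hostname})
    return {"sender_domain": sender.rpartition("@")[2].lower(),
            "urls": urls, "url_hosts": hosts}

def lookup_paths(obs):
    """Build the API v3 paths an enrichment step would query (no network call here)."""
    domains = sorted({obs["sender_domain"], *obs["url_hosts"]} - {""})
    return ([f"/api/v3/domains/{d}" for d in domains]
            + [f"/api/v3/urls/{vt_url_id(u)}" for u in obs["urls"]])

if __name__ == "__main__":
    for path in lookup_paths(extract_observables(SAMPLE_EML)):
        print(path)
```

The `From` header is attacker-controlled, so the sender domain is a lookup key rather than proof of origin; the link hosts are usually the stronger signal.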
Meet Our Friends
Our Connected SOAR Security Alliance brings hundreds of vendors together, allowing customers to benefit from our deep industry relationships and fully vendor-agnostic, independent SOAR platform.