VirusTotal is a service that aggregates more than 70 antivirus products and online scan engines to check uploaded files and URLs for viruses and to rule out false positives. Scan results are shared, helping to raise the global IT security level.
NextGen SOAR Integration
With cyberattacks and the skills gap getting worse, SOCs can no longer afford to have analysts manually coordinate contextual data. Many analysts personally copy-and-paste hashes hundreds of times per day in order to check their reputation. With D3’s VirusTotal integration, you can automate that entire process to ensure that your analysts have the information they need for every incident.
Automatically enrich alerts with VirusTotal intelligence
Use VirusTotal data to inform reputation and prioritization scoring in D3
Build a repository of hashes, IP addresses, and domain names in D3
Benefit from flexible configuration options
Key Use Case
Automated Hash Lookups
Analysts are expected to rapidly investigate incidents without compromising the process. For many, this means manually cross-referencing and copying hashes and other data from VirusTotal. Over a year in a SOC, this means hundreds of hours per analyst plus some degree of human error. D3 automatically populates the incident record with hashes and other relevant data. An analyst can search through the D3 console and instantly bring over additional field data. Plus, it’s agile. You can change the integration parameters via our easy-to-use admin tool.
Potential Phishing Analysis
When a potential phishing email is escalated to D3, either through an email protection system or manually by the recipient, D3 extracts the sender’s domain and the URL of any links in the message. D3 then uses VirusTotal or another integrated service to retrieve the IP address associated with the sender and/or URL. Based on the result, the D3 user can then trigger a response playbook to block the IP, blacklist the sender, notify the email recipient, and orchestrate any other appropriate actions. If the risk score is deemed low, the incident can be closed as a false positive.
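The extraction and triage steps described above, sketched as an added example (this is not D3's or VirusTotal's code). The sample message, the `lookup` callable, the `demo_lookup` stand-in, the threshold and the action names are all assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed sample message (not taken from the page).
SAMPLE_EML = """\
From: "IT Helpdesk" <support@mail.example-login.test>
To: user@corp.example
Subject: Password expiry
MIME-Version: 1.0
Content-Type: text/html; charset=utf-8

<p>Your password expires today. <a href="http://portal.example-login.test/reset?id=1">Reset</a>
or visit https://cdn.example.org/help.</p>
"""

URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.IGNORECASE)

def extract_indicators(raw):
    """Return the sender domain and the de-duplicated link URLs of a message."""
    msg = message_from_string(raw)
    _, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    urls = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue  # skip multipart containers and attachments
        payload = part.get_payload(decode=True) or b""
        text = payload.decode(part.get_content_charset() or "utf-8", "replace")
        for url in URL_RE.findall(text):
            url = url.rstrip(".,;")  # drop trailing sentence punctuation
            if url not in urls:
                urls.append(url)
    return {"sender_domain": sender_domain, "urls": urls}

def triage(indicators, lookup, threshold=3):
    """Score each host with `lookup` (hypothetical callable returning how many
    engines flag it) and choose a playbook branch; threshold is an assumption."""
    hosts = {indicators["sender_domain"]} | {urlsplit(u).hostname for u in indicators["urls"]}
    scores = {h: lookup(h) for h in sorted(h for h in hosts if h)}
    worst = max(scores.values(), default=0)
    action = "run_response_playbook" if worst >= threshold else "close_false_positive"
    return {"scores": scores, "action": action}

def demo_lookup(host):
    # Stand-in for a reputation service; the score is constructed.
    return {"portal.example-login.test": 12}.get(host, 0)
```

In a real deployment `lookup` would be replaced by the integrated reputation service, and the chosen action would feed the response playbook.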