Skip to main content

VirusTotal Livehunt Feed

This Integration is part of the VirusTotal Pack.#

Supported versions

Supported Cortex XSOAR versions: 5.5.0 and later.

Use the VirusTotal Livehunt Feed integration to fetch indicators from Livehunt rules or rulesets.

Configure VirusTotal Livehunt Feed on Cortex XSOAR#

  1. Navigate to Settings > Integrations > Servers & Services.
  2. Search for VirusTotal Livehunt Feed.
  3. Click Add instance to create and configure a new integration instance.
feedThe fetch indicators.False
api_keyAPI Key.True
filterExact name of the rule or ruleset you want to filter on. Leave empty to receive all.False
feedReputationThe indicator reputation.False
feedReliabilityThe source's reliability.True
tlp_colorThe Traffic Light Protocol (TLP) designation to apply to indicators fetched from the feed. More information about the protocol can be found at
feedExpirationPolicyThe feed's expiration policy.False
feedFetchIntervalThe feed fetch interval.False
feedBypassExclusionListWhether to bypass exclusion list.False
  1. Click Test to validate the VirusTotal API Key, and connection.

Livehunt Feed info:#

By default the Livehunt feed retrieve indicators based on all active rulesets in livehunt, you have the option to get indicators only from one rule or ruleset using the filter parameter.


You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

Get Indicators#

Gets the indicators from VirusTotal Livehunt.

Base Command#


Argument NameDescriptionRequired
limitThe maximum number of indicators to return. The default value is 10 and max 40.Optional
filterExact name of the rule or ruleset you want to filter on.Optional
Context Output#

There is no context output for this command.

Command Example#

!vt-livehunt-get-indicators limit=1 filter=WannaCry_Ransomware

Human Readable Output#

Indicators from VirusTotal Livehunt:#

f221425286c9073cbb2168f73120b6...59/69Win32 EXEWannacry RansomwareWannaCry_Ransomware_Gen

Demo Video#