
VirusTotal Livehunt Feed

This integration is part of the VirusTotal Pack.

Supported versions

Supported Cortex XSOAR versions: 5.5.0 and later.

Use the VirusTotal Livehunt Feed integration to fetch indicators from Livehunt rules or rulesets.

Configure VirusTotal Livehunt Feed in Cortex

| Parameter | Description | Required |
| --- | --- | --- |
| feed | Fetch indicators. | False |
| api_key | API Key. | True |
| filter | Exact name of the rule or ruleset you want to filter on. Leave empty to receive all. | False |
| feedReputation | The indicator reputation. | False |
| feedReliability | The source's reliability. | True |
| tlp_color | The Traffic Light Protocol (TLP) designation to apply to indicators fetched from the feed. More information about the protocol can be found at https://us-cert.cisa.gov/tlp | False |
| feedExpirationPolicy | The feed's expiration policy. | False |
| feedFetchInterval | The feed fetch interval. | False |
| feedBypassExclusionList | Whether to bypass exclusion list. | False |

Livehunt Feed info:

By default, the Livehunt feed retrieves indicators based on all active rulesets in Livehunt. To get indicators from only one rule or ruleset, use the filter parameter.

Commands

You can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

Get Indicators


Gets the indicators from VirusTotal Livehunt.

Base Command

vt-livehunt-get-indicators

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| limit | The maximum number of indicators to return. The default value is 10 and the maximum is 40. | Optional |
| filter | Exact name of the rule or ruleset you want to filter on. | Optional |

Context Output

There is no context output for this command.

Command Example

!vt-livehunt-get-indicators limit=1 filter=WannaCry_Ransomware

Human Readable Output

Indicators from VirusTotal Livehunt:

| Sha256 | Detections | Filetype | Rulesetname | Rulename |
| --- | --- | --- | --- | --- |
| f221425286c9073cbb2168f73120b6... | 59/69 | Win32 EXE | Wannacry Ransomware | WannaCry_Ransomware_Gen |
