VirusTotal Pack.#This Integration is part of the
Supported Cortex XSOAR versions: 5.5.0 and later.
Use this feed integration to fetch VirusTotal Retrohunt matches. It processes the latest finished job retrieving its matches based on the limit parameter (40 by default) in every fetch until there are no more matches for that job.
Navigate to Settings > Integrations > Servers & Services.
Search for VirusTotal Retrohunt Feed.
Click Add instance to create and configure a new integration instance.
Parameter Description Required API Key (leave empty. Fill in the API key in the password field.) True API Key True Limit Limit of indicators to fetch from retrohunt job results. False Fetch indicators False Indicator Reputation Indicators from this integration instance will be marked with this reputation. False Source Reliability Reliability of the source providing the intelligence data. True False False Feed Fetch Interval False Bypass exclusion list When selected, the exclusion list is ignored for indicators from this feed. This means that if an indicator from this feed is on the exclusion list, the indicator might still be added to the system. False Tags Supports CSV values. False Traffic Light Protocol Color The Traffic Light Protocol (TLP) designation to apply to indicators fetched from the feed. False
Click Test to validate the URLs, token, and connection.
You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
Gets the matches from a given retrohunt job's id or the latest finished by default.
Reset the last processed job's id
|limit||The maximum number of results to return. Default is 40.||Optional|
|job_id||VT Retrohunt job's ID.||Optional|
There is no context output for this command.
!vt-retrohunt-get-indicators limit=10 job_id="RETROHUNT-JOB-ID"