Skip to main content

Detonate File - VirusTotal (API v3)

This Playbook is part of the VirusTotal Pack.#

Supported versions

Supported Cortex XSOAR versions: 5.5.0 and later.

Detonate a file through VirusTotal (API v3)


This playbook uses the following sub-playbooks, integrations, and scripts.


  • GenericPolling


  • VirusTotal (API v3)


  • Set


  • vt-analysis-get
  • file-scan

Playbook Inputs#

NameDescriptionDefault ValueRequired
FileEntry ID of the file to detonateFileRequired

Playbook Outputs#

PathDescriptionType of engines found the indicator harmless.number of engines found the indicator malicious.number of engines found the indicator suspicious.number of engines found the indicator timeout.number of engines found the indicator undetected.number of the analysis in epochnumber of the analysisstring
VirusTotal.Analysis.meta.file_info.sha256SHA-256 of the filestring
VirusTotal.Analysis.meta.file_info.sha1SHA-1 of the filestring
VirusTotal.Analysis.meta.file_info.md5MD5 of the filestring
VirusTotal.Analysis.meta.file_info.namename of the filestring
VirusTotal.Analysis.meta.file_info.sizeSize of the file in bytesnumber
VirusTotal.Analysis.meta.url_info.idID of the urlstring

Playbook Image#

Detonate File - VirusTotal (API v3)