
Detonate File - VirusTotal (API v3)

This Playbook is part of the VirusTotal Pack.

Supported versions

Supported Cortex XSOAR versions: 5.5.0 and later.

Detonate a file through VirusTotal (API v3)

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

  • GenericPolling

Integrations

  • VirusTotal (API v3)

Scripts

  • Set

Commands

  • vt-analysis-get
  • file-scan

Playbook Inputs


| Name | Description | Default Value | Required |
| --- | --- | --- | --- |
| File | Entry ID of the file to detonate | File.None | Required |

Playbook Outputs


| Path | Description | Type |
| --- | --- | --- |
| VirusTotal.Analysis.data.attributes.stats.harmless | Number of engines that found the indicator harmless. | number |
| VirusTotal.Analysis.data.attributes.stats.malicious | Number of engines that found the indicator malicious. | number |
| VirusTotal.Analysis.data.attributes.stats.suspicious | Number of engines that found the indicator suspicious. | number |
| VirusTotal.Analysis.data.attributes.stats.timeout | Number of engines that timed out while analyzing the indicator. | number |
| VirusTotal.Analysis.data.attributes.stats.undetected | Number of engines that did not detect the indicator. | number |
| VirusTotal.Analysis.data.attributes.date | Date of the analysis in epoch | number |
| VirusTotal.Analysis.data.attributes.status | Status of the analysis | string |
| VirusTotal.Analysis.meta.file_info.sha256 | SHA-256 of the file | string |
| VirusTotal.Analysis.meta.file_info.sha1 | SHA-1 of the file | string |
| VirusTotal.Analysis.meta.file_info.md5 | MD5 of the file | string |
| VirusTotal.Analysis.meta.file_info.name | Name of the file | string |
| VirusTotal.Analysis.meta.file_info.size | Size of the file in bytes | number |
| VirusTotal.Analysis.meta.url_info.id | ID of the URL | string |

Playbook Image


Detonate File - VirusTotal (API v3)