Skip to main content

Detonate Private File - VirusTotal Private Scanning

This Playbook is part of the VirusTotal Pack.#

Supported versions

Supported Cortex XSOAR versions: 5.5.0 and later.

Detonate a private file through VirusTotal Private Scanning service

See files through the eyes of VirusTotal without uploading them to the main threat corpus, keeping them entirely private. Static, dynamic, network and similarity analysis included, as well as automated threat intel enrichment, but NOT multi-antivirus analysis.

More information:

Get Private Scanning:


This playbook uses the following sub-playbooks, integrations, and scripts.


  • GenericPolling


  • VirusTotal (API v3)


  • Set


  • vt-privatescanning-analysis-get
  • vt-privatescanning-file-scan

Playbook Inputs#

NameDescriptionDefault ValueRequired
FilePrivate file to be uploaded to VirusTotalFileRequired

Playbook Outputs#

VirusTotal.Analysis.idThe analysis ID.string of the analysis.string of object (analysis).string severity level of the private file.string threat category of the private file.string verdict of the private file.string of the analysis in epochnumber of the analysisstring
VirusTotal.Analysis.meta.file_info.sha256SHA-256 of the filestring
VirusTotal.Analysis.meta.file_info.sha1SHA-1 of the filestring
VirusTotal.Analysis.meta.file_info.md5MD5 of the filestring
VirusTotal.Analysis.meta.file_info.namename of the filestring
VirusTotal.Analysis.meta.file_info.sizeSize of the file in bytesnumber

Playbook Image#

Detonate Private File - VirusTotal Private Scanning