Detonate URL - VirusTotal (API v3)
This Playbook is part of the VirusTotal Pack.#
Supported versions
Supported Cortex XSOAR versions: 5.5.0 and later.
Detonate URL through VirusTotal (API v3) integration.
Dependencies#
This playbook uses the following sub-playbooks, integrations, and scripts.
Sub-playbooks#
- GenericPolling
Integrations#
- VirusTotal (API v3)
Scripts#
This playbook does not use any scripts.
Commands#
- url-scan
- vt-analysis-get
Playbook Inputs#
| Name | Description | Default Value | Required |
|---|---|---|---|
| URL | Entry ID of the file to detonate | URL.Data | Optional |
Playbook Outputs#
| Path | Description | Type |
|---|---|---|
| VirusTotal.Analysis.data.attributes.stats.harmless | Number of engines found the indicator harmless. | number |
| VirusTotal.Analysis.data.attributes.stats.malicious | Number of engines found the indicator malicious. | number |
| VirusTotal.Analysis.data.attributes.stats.suspicious | Number of engines found the indicator suspicious. | number |
| VirusTotal.Analysis.data.attributes.stats.timeout | Number of engines found the indicator timeout. | number |
| VirusTotal.Analysis.data.attributes.stats.undetected | Number of engines found the indicator undetected. | number |
| VirusTotal.Analysis.data.attributes.date | Date of the analysis in epoch | number |
| VirusTotal.Analysis.data.attributes.status | Status of the analysis | string |
| VirusTotal.Analysis.data.id | ID of the analysis. | string |
| VirusTotal.Analysis.data.type | Type of object (analysis) | string |
| VirusTotal.Analysis.meta.url_info.id | ID of the url | string |
| VirusTotal.Analysis.meta.url_info.url | The URL | string |
| VirusTotal.Analysis.id | The analysis ID. | string |
Playbook Image#
