Skip to main content

Detonate URL - VirusTotal (API v3)

This Playbook is part of the VirusTotal Pack.#

Supported versions

Supported Cortex XSOAR versions: 5.5.0 and later.

Detonate URL through VirusTotal (API v3) integration.


This playbook uses the following sub-playbooks, integrations, and scripts.


  • GenericPolling


  • VirusTotal (API v3)


This playbook does not use any scripts.


  • url-scan
  • vt-analysis-get

Playbook Inputs#

NameDescriptionDefault ValueRequired
URLEntry ID of the file to detonateURL.DataOptional

Playbook Outputs#

PathDescriptionType of engines found the indicator harmless.number of engines found the indicator malicious.number of engines found the indicator suspicious.number of engines found the indicator timeout.number of engines found the indicator undetected.number of the analysis in epochnumber of the analysisstring of the analysis.string of object (analysis)string
VirusTotal.Analysis.meta.url_info.idID of the urlstring
VirusTotal.Analysis.meta.url_info.urlThe URLstring
VirusTotal.Analysis.idThe analysis ID.string

Playbook Image#

Detonate URL - VirusTotal API v3