This configuration guide provides information on prerequisites and how to integrate Zscaler ITDR with VirusTotal to enhance events generated in the Zscaler ITDR Admin Portal with additional context.

VirusTotal aggregates various antivirus products and online scan engines to analyze suspicious files, URLs, and IP addresses to detect threats. VirusTotal runs the forwarded file or hash through multiple antivirus engines and rulesets to generate enriched reports with detailed results.

Prerequisites

Before you configure enrichment integration, ensure that you have:

• Network connectivity from the ITDR Admin Portal to the VirusTotal API server.
• An active VirusTotal account.

• Obtained the VirusTotal API key.

  See image.

  

  Close

Configuring Enrichment Integration with VirusTotal

To configure enrichment integration with VirusTotal:

1. Go to Orchestrate > Enrich.

2. Locate VirusTotal in the table, and click the Edit icon under the Actions column.

   See image.

   

   Close

3. In the VirusTotal window:

   1. Select Enabled.
   2. Enter the VirusTotal API key.

   See image.

   

   Close

4. Click Save.

   Enrichment integration with VirusTotal is enabled.

After enrichment integration is enabled, you can see the data from VirusTotal on the Event Logs page. The additional fields created in the event logs are prefixed with vt:

• vt.positives
• vt.total
• vt.names
• vt.error
• vt.permalink