Enrichment Configuration Guide for VirusTotal

This configuration guide provides information on prerequisites and how to integrate Zscaler ITDR with VirusTotal to enhance events generated in the Zscaler ITDR Admin Portal with additional context.

VirusTotal aggregates various antivirus products and online scan engines to analyze suspicious files, URLs, and IP addresses to detect threats. VirusTotal runs the forwarded file or hash through multiple antivirus engines and rulesets to generate enriched reports with detailed results.

Prerequisites

Before you configure enrichment integration, ensure that you have:

Configuring Enrichment Integration with VirusTotal

To configure enrichment integration with VirusTotal:

  1. Go to Orchestrate > Enrich.
  2. Locate VirusTotal in the table, and click the Edit icon under the Actions column.

  3. In the VirusTotal window:

    1. Select Enabled.
    2. Enter the VirusTotal API key.

  4. Click Save.

    Enrichment integration with VirusTotal is enabled.

After enrichment integration is enabled, you can see the data from VirusTotal on the Event Logs page. The additional fields created in the event logs are prefixed with vt:

  • vt.positives
  • vt.total
  • vt.names
  • vt.error
  • vt.permalink
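As an added example (not Zscaler's or VirusTotal's own code), the following triage routine consumes event-log records carrying the vt.* fields above and classifies each one, treating a populated vt.error as "unknown" rather than "clean" so a failed lookup is not mistaken for a benign verdict. It assumes records are flat dicts keyed "vt.positives", "vt.total", etc., that the two counts are numbers of engines, and that vt.names is a comma-separated list of detection names; the sample records are constructed.

```python
# Added example (not Zscaler's or VirusTotal's code): triage Zscaler ITDR
# event-log records that carry the vt.* enrichment fields. Assumptions:
# flat dict keys "vt.positives" etc.; positives/total are engine counts;
# vt.names is comma-separated. Sample records below are constructed.
from __future__ import annotations
from dataclasses import dataclass


@dataclass(frozen=True)
class Verdict:
    event_id: str
    status: str          # "malicious" | "suspicious" | "clean" | "unknown"
    ratio: float | None  # positives / total; None when enrichment failed
    note: str


def _count(value) -> int | None:
    """Coerce a vt.* count to int; the field may be empty after a failed lookup."""
    try:
        return int(value)
    except (TypeError, ValueError):
        return None


def triage(record: dict, malicious_ratio: float = 0.25) -> Verdict:
    """Classify one enriched event. vt.error is checked first: a failed
    VirusTotal lookup yields "unknown", never "clean", so the event stays queued."""
    event_id = str(record.get("event_id", "?"))
    if record.get("vt.error"):
        return Verdict(event_id, "unknown", None, f"enrichment failed: {record['vt.error']}")
    positives, total = _count(record.get("vt.positives")), _count(record.get("vt.total"))
    if positives is None or not total:
        return Verdict(event_id, "unknown", None, "no VirusTotal counts on event")
    ratio = positives / total
    status = "malicious" if ratio >= malicious_ratio else "suspicious" if positives else "clean"
    names = [n.strip() for n in str(record.get("vt.names", "")).split(",") if n.strip()]
    note = f"{positives}/{total} engines" + (f"; {names[0]}" if names else "")
    return Verdict(event_id, status, ratio, note)


# Constructed sample records (not real ITDR output); <hash> is a placeholder.
SAMPLE_EVENTS = [
    {"event_id": "evt-1", "vt.positives": "58", "vt.total": "70",
     "vt.names": "Trojan.Generic, HackTool.Mimikatz", "vt.error": "",
     "vt.permalink": "https://www.virustotal.com/gui/file/<hash>"},
    {"event_id": "evt-2", "vt.positives": "0", "vt.total": "70", "vt.names": "", "vt.error": ""},
    {"event_id": "evt-3", "vt.positives": "", "vt.total": "", "vt.names": "",
     "vt.error": "Resource not found"},
]


def triage_all(records=SAMPLE_EVENTS) -> list[Verdict]:
    return [triage(r) for r in records]
```

The malicious_ratio threshold is a tuning knob for the analyst, not a value the page prescribes.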