VirusTotal provides a system for deploying YARA rules to hunt for files among those submitted for scanning. This can produce a large number of notifications. The VirusTotal Hunting integration provides a process and automation for paring this flow of notifications down to the ones of highest confidence and priority. The most important malware samples are automatically downloaded and made available in the ThreatConnect malware vault for further analysis. The integration can optionally tag samples for analysis by any of the automated malware system integrations available in ThreatConnect.

With Playbooks Apps & Templates, users can take the following automated actions:
- Detonate with VirusTotal – this app sends a file to VirusTotal for analysis
- Get VirusTotal Behavior Report – this app gets file behavior report results from VirusTotal
- Get VirusTotal File Report – this app gets file report results from VirusTotal
This app can be found in the ThreatConnect App Catalog under VirusTotal.