VirusTotal

VirusTotal is generally regarded as a reliable source for threat intelligence and offers both free and paid services. The VirusTotal plugin supports enriching URLs, files, hashes, IP addresses, and domains with threat intelligence provided by VirusTotal.

To create a VirusTotal connection, you will only need a user API key from VirusTotal. This document explains how to configure a free VirusTotal account for use with InsightConnect.

VirusTotal Public API constraints

The VirusTotal Public API is a free, rate-limited threat intelligence service. As of 5/27/2021, the Public API is limited to 500 requests per day and a rate of 4 requests per minute. See VirusTotal's API documentation for more information.
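The effect of these two limits on a queue of lookups can be worked out ahead of time. The following is an added example, not code from InsightConnect or the VirusTotal plugin: `PublicApiBudget` and `schedule` are hypothetical names, and treating the daily quota as a rolling 24-hour window is an assumption made for the sketch.

```python
from collections import deque

# Limits stated on this page for the Public API (as of 5/27/2021).
PER_MINUTE = 4
PER_DAY = 500
DAY_SECONDS = 86400


class PublicApiBudget:
    """Tracks send times and reports how long to wait before the next request."""

    def __init__(self, per_minute=PER_MINUTE, per_day=PER_DAY):
        self.per_minute = per_minute
        self.per_day = per_day
        self.sent = deque()  # send times (seconds) within the last 24 hours

    def wait_needed(self, now):
        """Seconds to wait so a request sent after `now` respects both limits."""
        # Forget requests older than the assumed rolling 24-hour window.
        while self.sent and now - self.sent[0] >= DAY_SECONDS:
            self.sent.popleft()
        wait = 0.0
        if len(self.sent) >= self.per_day:
            # Daily quota used up: wait until the oldest counted request expires.
            wait = self.sent[-self.per_day] + DAY_SECONDS - now
        if len(self.sent) >= self.per_minute:
            # Minute quota: the 4th most recent request must be 60 s old.
            wait = max(wait, self.sent[-self.per_minute] + 60 - now)
        return max(wait, 0.0)

    def record(self, when):
        self.sent.append(when)


def schedule(n_lookups, start=0.0, budget=None):
    """Return the earliest send time for each of n_lookups queued at `start`."""
    budget = budget or PublicApiBudget()
    now, times = start, []
    for _ in range(n_lookups):
        now += budget.wait_needed(now)
        budget.record(now)
        times.append(now)
    return times
```

With the default limits, `schedule(500)` finishes 7,440 seconds (just over two hours) after it starts, and the 501st lookup cannot be sent until the 24-hour mark. In a live client, pass `time.monotonic()` as `now`.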

Get a VirusTotal API Key

To obtain your API key from VirusTotal:

1. Sign up for a free account with your name and email address and log in. Alternatively, log in to an existing account.
2. Click your profile in the upper right and select API key.
3. Copy your API key.

Create a VirusTotal Connection in InsightConnect

1. Log in to InsightConnect and create a connection.
2. Select VirusTotal from the plugins list.
3. Create a new credential, name the new credential, and enter your VirusTotal API key in the secret key field.
4. The default values for URL, Quota Maximum Retries, and Quota Retry Interval are ideal in most cases.
5. Save the connection and check your connection test to confirm it is successful.