VirusTotal


| Attribute | Value |
| --- | --- |
| Publisher | Microsoft Corporation |
| Support Tier | Microsoft |
| Support Link | https://support.microsoft.com/ |
| Categories | domains |
| Version | 3.0.0 |
| Author | Microsoft - support@microsoft.com |
| First Published | 2022-07-31 |
| Solution Folder | VirusTotal |
| Marketplace | Azure Marketplace · Rating: ★☆☆☆☆ 1.0/5 (1 ratings) · Popularity: 🟢 High (81%) |

The VirusTotal solution for Microsoft Sentinel contains Playbooks that can help enrich incident information with threat information and intelligence for IPs, file hashes and URLs from VirusTotal. Enriched information can help drive focused investigations in Security Operations.

Contents

Data Connectors

This solution does not include data connectors.

This solution may contain other components such as analytics rules, workbooks, hunting queries, or playbooks.

Tables Used

This solution queries 4 tables from its content items:

| Table | Used By Content |
| --- | --- |
| VTDomainReport_CL | Playbooks (writes) |
| VTFileReport_CL | Playbooks (writes) |
| VTIPReport_CL | Playbooks (writes) |
| VTURLReport_CL | Playbooks (writes) |

Content Items

This solution includes 9 content items:

| Content Type | Count |
| --- | --- |
| Playbooks | 9 |

Playbooks

| Name | Description | Tables Used |
| --- | --- | --- |
| FileHash Enrichment - Virus Total Report - Alert Triggered | This playbook will take each File Hash entity and query VirusTotal for file report (https://develope... | VTFileReport_CL (write) |
| FileHash Enrichment - Virus Total Report - Incident Triggered | This playbook will take each File Hash entity and query VirusTotal for file report (https://develope... | VTFileReport_CL (write) |
| IP Enrichment - Virus Total Report - Incident Triggered | This playbook will take each IP entity and query VirusTotal for IP Address Report (https://developer... | VTIPReport_CL (write) |
| IP Enrichment - Virus Total Report - Alert Triggered | This playbook will take each IP entity and query VirusTotal for IP Address Report (https://developer... | VTIPReport_CL (write) |
| IP Enrichment - Virus Total Report - Entity Trigger | This playbook will query VirusTotal Report for the selected IP Address (https://developers.virustota... | - |
| URL Enrichment - Virus Total Domain Report - Alert Triggered | This playbook will take each URL entity and query VirusTotal for Domain info (https://developers.vir... | VTDomainReport_CL (write) |
| URL Enrichment - Virus Total Domain Report - Incident Triggered | This playbook will take each URL entity and query VirusTotal for Domain Report (https://developers.v... | VTDomainReport_CL (write) |
| URL Enrichment - Virus Total Report - Alert Triggered | This playbook will take each URL entity and query VirusTotal for info (https://developers.virustotal... | VTURLReport_CL (write) |
| URL Enrichment - Virus Total Report - Incident Triggered | This playbook will take each URL entity and query VirusTotal for info (https://developers.virustotal... | VTURLReport_CL (write) |

Release Notes

| Version | Date Modified (DD-MM-YYYY) | Change History |
| --- | --- | --- |
| 3.0.1 | 02-06-2025 | Updated Playbook instructions for clarity |
| 3.0.0 | 11-01-2024 | Updated solution to 3.0.0 to fix IP Enrichment - Virus Total report playbook |
