
VirusTotal connector

Serverless: Preview. Stack: Preview.

The VirusTotal connector communicates with the VirusTotal API for file scanning, URL analysis, and threat intelligence lookups.

You can create connectors in Stack Management > Connectors.

VirusTotal connectors have the following configuration properties:

API Key
The VirusTotal API key for authentication.

You can test connectors as you're creating or editing the connector in Kibana.

The VirusTotal connector has the following actions:

Scan File Hash

Look up a file hash (MD5, SHA-1, or SHA-256) to get scan results.

  • Hash (required): File hash (minimum 32 characters).

Scan URL

Submit a URL for analysis and get scan results.

  • URL (required): URL to scan.

Submit File

Submit a file for analysis.

  • File (required): Base64-encoded file content.
  • Filename (optional): Original filename.

Get IP Report

Get reputation and details about an IP address.

  • IP (required): IPv4 address.
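
The input constraints listed for the actions above can be checked before an indicator is handed to the connector. The following is an added example, not Kibana or Elastic code: the function names and dictionary keys are hypothetical and are not the connector's request schema. It goes slightly beyond the documented "minimum 32 characters" rule by requiring a hex digest of exactly 32, 40, or 64 characters.

```python
import base64
import hashlib
import ipaddress
import re

# Hex digest lengths of the three hash types the Scan File Hash action accepts.
HASH_TYPES = {32: "MD5", 40: "SHA-1", 64: "SHA-256"}
HEX_RE = re.compile(r"[0-9a-fA-F]+")


def classify_hash(value):
    """Return 'MD5', 'SHA-1' or 'SHA-256', or None if value is not a hex digest."""
    value = value.strip()
    if not HEX_RE.fullmatch(value):
        return None
    return HASH_TYPES.get(len(value))


def is_ipv4(value):
    """True only for an IPv4 address, since Get IP Report takes IPv4."""
    try:
        return isinstance(ipaddress.ip_address(value.strip()), ipaddress.IPv4Address)
    except ValueError:
        return False


def prepare_file(content, filename=None):
    """Build Submit File inputs: Base64 content and optional filename.
    The SHA-256 is included so the same sample can be checked with
    Scan File Hash. Key names are illustrative (assumption)."""
    if not content:
        raise ValueError("refusing to submit an empty file")
    return {
        "file": base64.b64encode(content).decode("ascii"),
        "filename": filename,
        "sha256": hashlib.sha256(content).hexdigest(),
    }


if __name__ == "__main__":
    # Constructed sample indicators, not taken from any real alert.
    for ioc in ["d41d8cd98f00b204e9800998ecf8427e",
                "not-a-hash-but-longer-than-32-characters",
                "192.0.2.10", "2001:db8::1"]:
        print(ioc, "| hash:", classify_hash(ioc), "| ipv4:", is_ipv4(ioc))
    print(prepare_file(b"hello", "hello.txt"))
```

A string such as the second sample passes a length-only check but is rejected here, which avoids spending rate-limited API calls on malformed indicators.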

Use the Action configuration settings to customize connector networking configurations, such as proxies, certificates, or TLS settings. You can set configurations that apply to all your connectors or use xpack.actions.customHostSettings to set per-host configurations.

To use the VirusTotal connector, you need an API key:

  1. Go to VirusTotal.
  2. Sign up for an account or log in.
  3. Navigate to your API Key page.
  4. Copy your API key. For free accounts, you'll have rate limits. Consider upgrading to a premium account for higher limits.
  5. Copy the API key to configure the connector.