Supported Cortex XSOAR versions: 5.5.0 and later.

This integration analyzes suspicious hashes, URLs, domains, and IP addresses. The integration was integrated and tested with version v3 API of VirusTotal.

## Configure VirusTotal (API v3) on Cortex XSOAR

- Navigate to Settings > Integrations > Servers & Services.
- Click Add instance to create and configure a new integration instance. Parameters:
  - Reliability of the source providing the intelligence data.
  - File Threshold. Minimum number of positive results from VT scanners to consider the file malicious.
  - Minimum number of positive results from VT scanners to consider the IP malicious.
  - Minimum number of positive results from VT scanners to consider the URL malicious.
  - Domain Threshold. Minimum number of positive results from VT scanners to consider the domain malicious.
  - CSV list of vendors who are considered more trustworthy.
  - The minimum number of highly trusted vendors required to consider a domain, IP address, URL, or file as malicious.
  - Enable score analyzing by Crowdsourced Yara Rules, Sigma, and IDS
  - Sigma and Intrusion Detection Rules Threshold
  - Premium Subscription Only: Relationship Files Threshold. See Premium analysis - Relationship Files Threshold.
- Click Test to validate the URLs, token, and connection.

Your API key can be found in your VirusTotal account user menu. Your API key carries all your privileges, so keep it secure and don't share it with anyone.

The following information describes DBot Score which is new for this version.

## Indicator Thresholds

Configure the default threshold for each indicator type in the instance settings. You can also specify the threshold as an argument when running relevant commands.

- Indicators with positive results from preferred vendors equal to or higher than the threshold will be considered malicious.
- Indicators with positive results equal to or higher than the threshold will be considered malicious.
- Indicators with positive results equal to or higher than half of the threshold value, and lower than the threshold, will be considered suspicious.
- Domain popularity ranks: VirusTotal returns a popularity rank for each vendor. The integration calculates the average of these ranks and compares it to the threshold.

If the YARA rules analysis threshold is enabled:
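The vendor-count rules from Indicator Thresholds, written out as an added Python example that is not the integration's own code. The function and parameter names, the sample vendors, the `below threshold` label, and the reading of a "positive result" as a vendor entry whose category is `malicious` are assumptions; the popularity-rank and YARA checks are left out.

```python
# Added illustration of the vendor-count rules; not the integration's source code.
from typing import Dict, Set


def parse_vendor_csv(csv_value: str) -> Set[str]:
    """Normalise a CSV list of preferred vendors (trimmed, case-insensitive)."""
    return {v.strip().lower() for v in csv_value.split(",") if v.strip()}


def classify(results: Dict[str, dict], threshold: int,
             preferred_csv: str = "", preferred_threshold: int = 0) -> str:
    """Return 'malicious', 'suspicious' or 'below threshold' for one indicator."""
    if threshold < 1:
        raise ValueError("threshold must be a positive integer")
    preferred = parse_vendor_csv(preferred_csv)
    # Assumption: a "positive result" is a vendor entry with category "malicious".
    hits = [name for name, r in results.items() if r.get("category") == "malicious"]
    preferred_hits = sum(1 for name in hits if name.lower() in preferred)
    # Rule 1: enough preferred vendors flag the indicator. A zero or unset
    # preferred threshold is skipped so that it cannot flag everything.
    if preferred_threshold > 0 and preferred_hits >= preferred_threshold:
        return "malicious"
    # Rule 2: total positives reach the threshold.
    if len(hits) >= threshold:
        return "malicious"
    # Rule 3: at least half the threshold, but below it. Integer comparison
    # keeps odd thresholds exact (threshold 5 -> 3 positives are suspicious).
    if len(hits) * 2 >= threshold:
        return "suspicious"
    return "below threshold"


# Constructed sample: per-vendor results for one indicator (vendor names are made up).
SAMPLE = {
    "VendorA": {"category": "malicious"},
    "VendorB": {"category": "malicious"},
    "VendorC": {"category": "harmless"},
    "VendorD": {"category": "undetected"},
    "VendorE": {"category": "malicious"},
}

if __name__ == "__main__":
    for thr in (10, 5, 3):
        print(thr, classify(SAMPLE, thr))
    print(classify(SAMPLE, 10, "VendorA, vendore", 2))
```

With three positives, a threshold of 5 or 6 yields a suspicious verdict while 7 does not, which shows how far a small change to the instance threshold moves the verdict boundary.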