MENU
      Contents x
      VirusTotal Integration
      • 05 Oct 2024
      • 1 Minute to read
      • Print
      • Dark
      Contents

      VirusTotal Integration

      • Updated on 05 Oct 2024
      • 1 Minute to read
      • Print
      • Dark
      Article summary

      You can easily integrate LimaCharlie with VirusTotal to enhance your data enrichment and detections. You will need a VirusTotal API key in order to utilize this add-on.

      VirusTotal Data Caching

      The free tier of VirusTotal allows four lookups per minute via the API. LimaCharlie employs a global cache of VirusTotal requests which should significantly reduce costs if you are using VirusTotal at scale. VirusTotal requests are cached for 3 days.

      Once you have your VirusTotal API key, you can add it to the integrations section of the LimaCharlie web app.

      image.png

      Once you have entered your API key, you can then create a rule to perform a lookup of a hash. For example, the following rule will let you know if there is a hit from VirusTotal on a hash with at least two different engines.

      path: event/HASH
op: lookup
resource: 'lcr://api/vt'
event: CODE_IDENTITY
metadata_rules:
  path: /
  value: 2
  length of: true
  op: is greater than
      YAML

      Was this article helpful?
      Related articles
      What's Next