VirusTotal Hunting
Introduction

This guide tells you how to authenticate the VirusTotal Hunting connector in Swimlane using API key authentication. You will obtain a VirusTotal API key (public or premium) and configure the connector asset in Swimlane.

VirusTotal Access Requirements

You must have VirusTotal permissions to:

- Register a VirusTotal account
- Access your API key from the VirusTotal portal
- Request a premium API key (optional)

Required Credentials

During setup, you will collect:

- URL
- API key (x-apikey)

Supported Version

This connector supports the VirusTotal Hunting API v3.

VirusTotal Setup

Public API Key

Take the following steps to obtain a public API key:

1. Register with the VirusTotal community by going to the VirusTotal website and clicking "New? Join the community".
2. Provide a name, email, username, and password. Once complete, click "Join us".
3. An activation link will be sent to the email you provided. Click on the activation link to activate your VirusTotal community membership.
4. Return to the VirusTotal homepage and click the blue message icon on the lower right-hand corner of the homepage to open the VirusTotal bot window.
5. Click the option "I have a feed of new files that I can upload, I want free API quota to do so".
6. A window opens where you can create a message to VirusTotal. Complete the subject and email fields and then include a simple message stating why you need a free API key.
7. Once VirusTotal reviews your message, you can sign into your account and find your public API in the corresponding menu item, API key, under your username.

Premium API Key

Take the following steps to request a premium API key:

1. Log in to your account.
2. Click your username and then click "API key".
3. Click "Request premium API key".
4. Fill out the request prompt on this page. Required fields include Company size, Company country, and Already paying customer?
5. VirusTotal will respond to your request.

Asset Setup

The asset requires an API key to use. If your organization requires the use of a proxy, then that proxy can be used during the asset setup.

The public API:

- Is limited to 500 requests per day and a rate of 4 requests per minute
- Must not be used in commercial products or services
- Must not be used in business workflows that do not contribute new files

Connector Configuration in Swimlane

1. Log in to Turbine.
2. From the left-hand navigation pane, click Orchestration and click Assets. The asset homepage opens.
3. Click the plus icon to open the Configure your connector asset window.
4. Select VirusTotal Hunting from the asset type list.
5. Fill in the asset settings and asset input as shown:

| Field | Description | Required/Optional |
| --- | --- | --- |
| URL | A URL to the target host (VirusTotal Hunting API endpoint URL) | Required |
| x-apikey | API key provided by VirusTotal | Required |
| Verify SSL | Verify SSL certificate | Optional |
| HTTP Proxy | A proxy to route requests through | Optional |

Fields with marks are required.

6. Click Create.

Troubleshooting

If you encounter an authentication error:

- Verify the API key is correct and active.
- Confirm the URL is correct for the VirusTotal Hunting API v3.
- If using the public API, verify you have not exceeded rate limits.
- If required, configure HTTP Proxy and verify outbound connectivity.

You have successfully authenticated the VirusTotal Hunting connector in Swimlane.
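The public API limits listed under Asset Setup (500 requests per day, 4 per minute) are the usual cause of the rate-limit item in Troubleshooting. The following is an added example, not Swimlane or VirusTotal code, of a client-side gate that spaces requests to stay inside both limits. The names `PublicQuotaGate` and `schedule` are hypothetical, and the rolling 60-second and 24-hour windows are an assumption, since this guide does not say how VirusTotal resets its counters.

```python
from collections import deque

MINUTE, DAY = 60, 86400


class PublicQuotaGate:
    """Tracks request timestamps against the public key's stated limits.

    Assumption: rolling windows, a conservative stand-in for the real reset rule.
    """

    def __init__(self, per_minute=4, per_day=500):
        self.per_minute = per_minute
        self.per_day = per_day
        self._sent = deque()  # send times (seconds), oldest first

    def earliest(self, now):
        """Return the earliest time >= now at which one more request fits."""
        # Drop requests that have left the 24-hour window.
        while self._sent and self._sent[0] + DAY <= now:
            self._sent.popleft()
        allowed = now
        if len(self._sent) >= self.per_day:
            # The oldest of the last per_day requests must age out first.
            allowed = max(allowed, self._sent[-self.per_day] + DAY)
        recent = [t for t in self._sent if t + MINUTE > now]
        if len(recent) >= self.per_minute:
            allowed = max(allowed, recent[-self.per_minute] + MINUTE)
        return allowed

    def record(self, now):
        """Register a request sent at `now`; refuse one that breaks a limit."""
        if self.earliest(now) > now:
            raise RuntimeError("public API quota would be exceeded")
        self._sent.append(now)


def schedule(wanted_times, gate=None):
    """Map desired send times (ascending) to the times the gate permits."""
    if gate is None:
        gate = PublicQuotaGate()
    actual, last = [], 0
    for t in wanted_times:
        t = gate.earliest(max(t, last))  # never send before the previous one
        gate.record(t)
        actual.append(t)
        last = t
    return actual
```

In a live playbook, pass `time.monotonic()` to `earliest()` and sleep until the returned time before each lookup.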