VirusTotal | APIv3 | Enrichers

Note

This article describes how to configure incoming feeds for a particular feed source. To see how to configure incoming feeds in general, see Create and configure incoming feeds.

VirusTotal (VT) offers a host of enrichment endpoints that all provide different kinds of additional intelligence. In EclecticIQ Intelligence Center, you can integrate these endpoints through four enrichers that each enrich a particular type of Observable.

Requirements

• VirusTotal Premium API key

Common configurations

Your VT APIv3 enrichers can all operate on the same API key and with the same Source reliability. You can set these for all VT APIv3 enrichers at once:

1. Go to Data configuration > Enrichers.

2. Filter the list by searching for VirusTotal APIv3.

3. In the left end of the rows, select the checkboxes of the enrichers you want to use.

4. In the header of the table, select More > Edit common fields.

5. For Source reliability, select the source reliability rating that will be applied to the Entities and Observables these enrichers will produce.
   Don’t set it if you’d like to have a separate Source reliability for each enricher.

6. Under API key, enter your VirusTotal API key.

7. Select Save.

Don’t configure for Public API access

The enrichers can technically work with Public API access, but are likely to fail because the number of API requests made will exceed the 4 requests-per-minute limit for Public API keys for , and may quickly exhaust your 500 requests-per-day limit even if the requests fail.

Enrichers

• Domain

• Hash

• IP

• URL