Virus Total | APIv3 | Domain enricher#
The Domain enricher provides additional intelligence connected to domain observables.
Observable types#
This Enricher only enriches domain observables.
Endpoints & Outputs#
Endpoint |
Reponse |
Output type |
|---|---|---|
Communicating files |
Files known to communicate with the enriched domain. |
|
Downloaded files |
Files that have been downloaded from the enriched domain. |
|
Historical SSL certificates |
Hashes of SSL certificates associated with the enriched domain at some point in time. |
|
URLs |
Known URLs under the enriched domain. |
|
Resolutions |
Past and current IPv4 addresses that the enriched domain resolves to. |
|
MX records |
All MX records associated with the enriched domain. |
|
NS records |
All NS records associated with the enriched domain. |
|
Referrer files |
Files that contain a string representation of the enriched domain. |
|
SOA records |
All SOA records associated with the enriched domain. |
|
Subdomains |
All direct subdomains for the enriched domain. |
|
Configure#
Make sure you’ve configured your VT APIv3 key.
Required fields
Fields on the Enricher pane marked with an asterisk (“*”) are required to fill in, but may come pre-filled.
Go to Data configuration
> Enrichers.Filter the list by searching for
VirusTotal APIv3 Domain enricher.In the row of the URL enricher, select More
> Edit.For Source reliability, select the source reliability rating that will be applied to the Entities and Observables this enricher will produce if you haven’t configured it yet.
Under API key, enter your VirusTotal API key if you haven’t configured it yet.
Under Include Endpoints, select the Endpoints you’d like the enricher to hit.
(Optional) Change the Description.
(Optional) Change the Cache validity, Rate limit, or Monthly execution cap.
(Optional) Select Create Parent Report or SSL verification and supply a Path to SSL certificate file.
Check the Enabled box to enable the enricher when you’re done configuring it.
Select Save.