Virus Total | APIv3 | URL enricher#
The URL enricher provides additional intelligence connected to uri observables.
Observable types#
This Enricher only enriches uri observables.
Endpoints & Outputs#
Endpoint |
Reponse |
Output type |
|---|---|---|
Communicating files |
Files known to communicate with the enriched uri. |
|
Contacted domains |
Domains from which the enriched uri has loaded resources. |
|
Contacted IPs |
IP addresses from which the enriched uri has loaded resources. |
|
Downloaded files |
Files that have been downloaded from the enriched uri. |
|
Embedded JS files |
JS scripts found in the response retrieved from the enriched uri. |
|
Last serving IP address |
Last-known IPv4 address that the enriched URL resolved to. |
|
Redirecting URLs |
URLs that redirect to the enriched uri. |
|
Referrer files |
Files that contain a string representation of the enriched uri. |
|
Referrer URLs |
URLs that contain a string representation of the enriched uri. |
|
Configure#
Make sure you’ve configured your VT APIv3 key.
Required fields
Fields on the Enricher pane marked with an asterisk (“*”) are required to fill in, but may come pre-filled.
Go to Data configuration
> Enrichers.Filter the list by searching for
VirusTotal APIv3 URL enricher.In the row of the URL enricher, select More
> Edit.For Source reliability, select the source reliability rating that will be applied to the Entities and Observables this enricher will produce if you haven’t configured it yet.
Under API key, enter your VirusTotal API key if you haven’t configured it yet.
Under Include Endpoints, select the Endpoints you’d like the enricher to hit.
(Optional) Change the Description.
(Optional) Change the Cache validity, Rate limit, or Monthly execution cap.
(Optional) Select Create Parent Report or SSL verification and supply a Path to SSL certificate file.
Check the Enabled box to enable the enricher when you’re done configuring it.
Select Save.