Incoming feed - VirusTotal IoC Stream

Note

This article describes how to configure incoming feeds for a particular feed source. To see how to configure incoming feeds in general, see Create and configure incoming feeds.


Specifications

Transport type: VirusTotal IoC

Content type: VirusTotal V3 JSON

Ingested data: Retrieves IoCs that:

  • originate from the countries selected.

  • were created after the date selected.

Processed data: IoC files with relationships.

Description: Retrieve and process information on indicators of compromise from specific countries and timeframes.

Configure the incoming feed

  1. Create or edit an incoming feed.

  2. From the Transport type drop-down menu, select VirusTotal IoC.

  3. From the Content type drop-down menu, select VirusTotal V3 JSON.

  4. The API URL field is automatically filled in with the default domain for the endpoint: https://www.virustotal.com/api/v3/ioc_stream.
    You can add a proxy or set up ports according to your needs.

  5. In the API key field, enter your VirusTotal API key. Sign up to the VirusTotal community to automatically be assigned a personal API key to access the VirusTotal API.
    If necessary, contact the intelligence provider to subscribe to the service and to obtain this information, along with any required authentication and authorization credentials.

  6. Under Filter by specific Source Country Code, enter an ISO 3166-1 alpha-2 two-letter country code to filter the stream to selected countries. Separate multiple countries with commas.

  7. Select the Start ingesting from field, use the drop-down calendar to select a start date, and set a start time. The feed will fetch content from the stream starting from the time you specified.

  8. To store your changes, select Save.