Unearth malware, adversaries and other breaches hiding in your environment with crowdsourced threat reputation and context coming from hundreds of security vendors and millions of monthly users on VirusTotal.com. If you would like to unleash the full potential of VirusTotal applied to your security telemetry, please do not hesitate to contact us at: https://www.virustotal.com/gui/contact-us/premium-services.

VT4Splunk automatically enriches your Splunk logs with threat intelligence coming from VirusTotal. It allows you to contextualize IoCs (files/hashes, domains, IP addresses, URLs) and to confirm malicious intent or discard false positives. The context added includes: security industry reputation, threat categories and labels, associated campaigns and threat actors, etc.

Feature highlights:

- Command-line driven threat intelligence enrichment of subsets of events when conducting investigations.
- Automatic scheduled enrichment of all events to continuously identify breaches in your environment.
- Single pane of glass IoC contextualization via embedded VT Augment widget.
- Dashboards and reporting including:
  * Threat Intelligence view summarizing malware activity in your environment.
  * Vulnerability Intelligence view shedding light on malicious files trying to exploit specific vulnerabilities (identified by CVE) in your environment.
  * Adversary Intelligence view identifying threat {campaigns, toolkits, actors} observed in your environment.
  * MITRE ATT&CK matrix identifying tactics and techniques observed in your environment.