
VirusTotal App

VirusTotal App for Splunk

VirusTotal App for Splunk is a lightweight Splunk App that lets you enrich your security events with reputation data retrieved from [VirusTotal](https://www.virustotal.com/), using the existing IOC Reputation API. The app provides a custom search command that accepts file hashes (MD5, SHA-1, or SHA-256), IP addresses, URLs, and domains, and queries the corresponding VirusTotal endpoints to retrieve the relevant threat intelligence data. It only looks up existing objects: no new files or URLs are ever submitted for analysis.

Key Features

- Provides a custom SPL command (`vt`) that is easy to integrate into searches
- Supports enrichment of multiple IOC types: file hashes, IP addresses, URLs, and domains
- Accepts the file hash formats MD5, SHA-1, and SHA-256
- Automatically selects and queries the appropriate VirusTotal API endpoint based on the indicator type
- Enriches events with analysis stats, categorizations, tags, per-engine antivirus detection details, and more
- Designed to work efficiently within automated alert enrichment pipelines
- Includes a user-friendly UI for configuring the VirusTotal API key
- Lightweight by design: no dashboards, saved searches, or additional objects
- Fully compatible with Splunk Enterprise and Splunk Cloud
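The listing says the command classifies each indicator and picks the matching VirusTotal endpoint without submitting anything. The following is an added illustration of that flow and is not the app's own code: it classifies an IOC (hash, IP, URL, domain), maps it to the VirusTotal API v3 object endpoint (`/files`, `/ip_addresses`, `/urls` keyed by the unpadded URL-safe base64 of the URL, `/domains`), issues only GET requests with the real `x-apikey` header, and flattens the `last_analysis_stats`, `tags` and per-engine `last_analysis_results` into `vt_*` fields the way a streaming custom command would. The fixture `SAMPLE_FILE_OBJECT`, the `offline_lookup` stand-in and all function names are constructed for this example; the API key handling (read from the app's configuration UI) is assumed and not shown.

```python
import base64
import ipaddress
import json
import re
import urllib.error
import urllib.request
from urllib.parse import urlparse

VT_API_BASE = "https://www.virustotal.com/api/v3"
_HEX_RE = re.compile(r"^[0-9a-fA-F]+$")
_HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}  # hex digest lengths
_DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)(?:(?!-)[A-Za-z0-9-]{1,63}(?<!-)\.)+[A-Za-z]{2,63}$")


def classify_ioc(value):
    """Return (ioc_type, normalized) with ioc_type in hash/ip/url/domain,
    or (None, value) when the string is not a supported indicator."""
    v = value.strip()
    if len(v) in _HASH_LENGTHS and _HEX_RE.match(v):
        return "hash", v.lower()
    try:
        ipaddress.ip_address(v)  # accepts IPv4 and IPv6 literals
        return "ip", v
    except ValueError:
        pass
    if "://" in v:
        parsed = urlparse(v)
        if parsed.scheme in ("http", "https") and parsed.netloc:
            return "url", v
    if _DOMAIN_RE.match(v):
        return "domain", v.lower()
    return None, v


def vt_url_id(url):
    """VT v3 addresses a URL object by its unpadded URL-safe base64."""
    return base64.urlsafe_b64encode(url.encode()).decode().rstrip("=")


def vt_endpoint(value):
    """Pick the v3 object endpoint for an indicator; None if unsupported."""
    ioc_type, v = classify_ioc(value)
    paths = {"hash": f"/files/{v}", "ip": f"/ip_addresses/{v}",
             "url": f"/urls/{vt_url_id(v)}", "domain": f"/domains/{v}"}
    return VT_API_BASE + paths[ioc_type] if ioc_type else None


def fetch_vt_object(endpoint, api_key, timeout=10):
    """GET an existing object (never a submission). Returns the parsed
    JSON, or None when VT has no record of the indicator (HTTP 404)."""
    req = urllib.request.Request(endpoint, headers={"x-apikey": api_key})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as e:
        if e.code == 404:
            return None
        raise


def flatten_vt_object(obj):
    """Turn a v3 object into flat vt_* fields for a Splunk event."""
    if obj is None:
        return {"vt_found": "false"}
    attrs = obj["data"].get("attributes", {})
    stats = attrs.get("last_analysis_stats", {})
    results = attrs.get("last_analysis_results", {})
    detections = sorted(f"{engine}:{r['result']}" for engine, r in results.items()
                        if r.get("category") == "malicious" and r.get("result"))
    fields = {"vt_found": "true", "vt_type": obj["data"].get("type"),
              "vt_malicious": stats.get("malicious", 0),
              "vt_suspicious": stats.get("suspicious", 0),
              "vt_harmless": stats.get("harmless", 0),
              "vt_undetected": stats.get("undetected", 0),
              "vt_tags": attrs.get("tags", []), "vt_detections": detections}
    if "categories" in attrs:  # domain/URL objects carry vendor categorizations
        fields["vt_categories"] = sorted(set(attrs["categories"].values()))
    return fields


def enrich_events(events, field, lookup):
    """Streaming-command style: classify event[field], resolve the endpoint
    and merge the flattened result. lookup(endpoint) is injected so the
    pipeline can be exercised offline; in production pass fetch_vt_object."""
    out = []
    for ev in events:
        ev = dict(ev)
        endpoint = vt_endpoint(ev.get(field, ""))
        if endpoint is None:
            ev["vt_error"] = "unsupported indicator"
        else:
            ev.update(flatten_vt_object(lookup(endpoint)))
        out.append(ev)
    return out


# Constructed fixture in the shape of a v3 file object (not real VT data).
SAMPLE_FILE_OBJECT = {"data": {"type": "file", "id": "a" * 64, "attributes": {
    "last_analysis_stats": {"harmless": 0, "malicious": 2, "suspicious": 0,
                            "undetected": 68},
    "tags": ["peexe", "packed"],
    "last_analysis_results": {
        "EngineA": {"category": "malicious", "result": "Trojan.Generic"},
        "EngineB": {"category": "undetected", "result": None},
        "EngineC": {"category": "malicious", "result": "Malware.Example"}}}}}


def offline_lookup(endpoint):
    """Stand-in for fetch_vt_object: only the fixture hash is 'known'."""
    return SAMPLE_FILE_OBJECT if endpoint.endswith("/files/" + "a" * 64) else None
```

Swapping `offline_lookup` for `functools.partial(fetch_vt_object, api_key=...)` turns this into a live lookup; an unknown indicator then surfaces as `vt_found=false` rather than an exception, which is the case an alert pipeline must tolerate.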


Latest Version 1.2.0
June 29, 2025
Compatibility
Not Available
Platform Version: 9.4, 9.3, 9.2, 9.1, 9.0, 8.2, 8.1, 8.0
Rating: 0 (0)

Support
Developer Supported app
Ranking: #40 in Reputation

Categories

Created By

Iván Fernández

Type

app

Downloads

70

Resources
