IBM QRadar SOAR


Difference Between VirusTotal in Threat Sources and the VirusTotal App

  • 1.  Difference Between VirusTotal in Threat Sources and the VirusTotal App

    Posted Mon July 15, 2024 03:41 AM
    Edited by Yongwon Song Mon July 15, 2024 03:42 AM
    Hello, everyone.
    I am considering using VirusTotal with QRadar SOAR.
     
    Is there a difference between VirusTotal in Threat Sources and the VirusTotal App?
     
    I read a post from 2021, and it mentioned that VirusTotal Threat Sources only sends files for analysis, and the scanning functionality is available only when the VirusTotal App is added. Is that correct?
    Thank you.



    ------------------------------
    Yongwon Song
    ------------------------------



  • 2.  RE: Difference Between VirusTotal in Threat Sources and the VirusTotal App
    Best Answer

    Posted Tue July 16, 2024 08:29 AM

    Hi Yongwon,

    The threat service and app are very similar. The threat service is automatically triggered when an artifact is created, returning enrichment results as Hits within the artifact display. Then, a second enrichment is performed 48 hours later to collect any additional results which may have been discovered.

    The VirusTotal app now has this content pack to mimic the threat service, returning results as Hits to an artifact. This was created to provide more flexibility over the use of the threat service.

    Hope this helps.



    ------------------------------
    Mark Scherfling
    ------------------------------