IBM Security QRadar SOAR

 View Only

Threat feed - VirusTotal changes

By BEN WILLIAMS posted Fri November 19, 2021 11:12 AM

Earlier this year, VirusTotal changed their license terms (

A consequence of which, is that Public API keys are now limited to 500 queries per day. As our service deals with this you may have noticed long delays in artifact scanning as a result of this.

Furthermore, public API keys are no longer allowed to be used in commercial products, including IBM Security SOAR.

In accordance to VirusTotal's new terms, unfortunately we will have to disallow the usage of public API keys in artifact look ups in the coming months. If a public API key is used, then the VirusTotal threat feed will be automatically disabled. If you have a public API key and find the VirusTotal threat feed to be useful, then please obtain a VirusTotal premium API key.

Apologies for any inconvenience this may cause to you, either presently or when we disallow usage of public API keys in the future, but we hope you appreciate the reasons behind this.