IBM QRadar SOAR

 View Only

Deprecating support for free API key for VirusTotal

By BEN WILLIAMS posted Tue January 11, 2022 04:34 AM

  

We have previously communicated changes in VirusTotals license terms and of our intention to adhere to those terms and its impact on current public API key usage.

https://community.ibm.com/community/user/security/blogs/ben-williams1/2021/11/19/threat-feed-virustotal-changes

IBM Security SOAR's built-in threat service will no longer support public API key for VirusTotal. The change was implemented on the 10th January 2022.

Now, a VirusTotal threat source will be turned off automatically if a public API key is used. The administrative user will receive a system notification that the VirusTotal threat source has been turned off. Additionally, users can no longer enable VirusTotal threat feed with a public API key.



Once the VirusTotal threat service is turned off the administrative user will receive an email in the following format.

The VirusTotal threat feed for <OrgName> Org on https://<your_soar_url> has been disabled because the API key has reached its usage limit. Please re-enable the threat feed after adjusting its quota. If you continue to experience trouble with this threat feed, please contact IBM Security Customer Support.

An improved email notification statement is coming in an IBM SOAR release in 2022


The VirusTotal threat feed for <OrgName> Org on https://<your _soar_url> is disabled because public API key is no longer supported for this threat feed. Please re-enable the threat feed with a premium API key. If you continue to experience problems with this threat feed, please contact IBM Support. 

We can only apologise for any inconvenience this may cause you but we hope you understand that we must adhere to VirusTotal's terms and conditions.

0 comments
18 views

Permalink