We have previously communicated changes in VirusTotals license terms and of our intention to adhere to those terms and its impact on current public API key usage.
IBM Security SOAR's built-in threat service will no longer support public API key for VirusTotal. The change was implemented on the 10th January 2022.
Now, a VirusTotal threat source will be turned off automatically if a public API key is used. The administrative user will receive a system notification that the VirusTotal threat source has been turned off. Additionally, users can no longer enable VirusTotal threat feed with a public API key.
Once the VirusTotal threat service is turned off the administrative use
r will receive an email in the following format.The VirusTotal threat feed for <OrgName> Org on https://<your_soar_url> has been disabled because the API key has reached its usage limit. Please re-enable the threat feed after adjusting its quota. If you continue to experience trouble with this threat feed, please contact IBM Security Customer Support.
An improved email notification statement is coming in an IBM SOAR release in 2022
The VirusTotal threat feed for <OrgName> Org on https://<your _soar_url> is disabled because public API key is no longer supported for this threat feed. Please re-enable the threat feed with a premium API key. If you continue to experience problems with this threat feed, please contact IBM Support.
We can only apologise for any inconvenience this may cause you but we hope you understand that we must adhere to VirusTotal's terms and conditions.