IBM QRadar SOAR

IBM QRadar

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only
Back to discussions
Expand all | Collapse all

Diffrence between VirusTotal threat source and VirusTotal app

  • 1.  Diffrence between VirusTotal threat source and VirusTotal app

    Posted Wed August 18, 2021 09:20 AM
    Hi,
    I am still learning about SOAR and I was wondering what is the difference between the VirusTotal threat source from the "Administrator Settings" and the VirusTotal app that can be installed from the app Exchange?
    Thanks

    ------------------------------
    Pierre Dufresne
    ------------------------------


  • 2.  RE: Diffrence between VirusTotal threat source and VirusTotal app

    Posted Thu August 19, 2021 03:03 AM
    Enable threat source in Admin settings, the hashes, url, and IP address artifacts will be sent for VirusTotal scan. 
    With the VirusToal App installed, it will create a function to perform scan. You may compose an artifact menu or auto rule per your own workflow.

    ------------------------------
    Leo Kuo
    ------------------------------

    Original Message


Related Content