VirusTotal integration setup
VirusTotal is a free service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware. It integrates easily with Security Operations.
Before you can use the VirusTotal integration, you must activate the plugin and add the appropriate API key. If necessary, you can also update your X509 SSL certificate.
If the VirusTotal lookup source is used and malware is encountered, an observable is created. For IP lookups, an additional list of URLs that share the IP address is created, and observables are created for each of the URLs.
Note:
- The Threat Intelligence plugin is required in order to implement VirusTotal integration.
- The VirusTotal integration has been upgraded to Version 3 APIs.