VirusTotal: Get File Scan Report
Description
This step retrieves the scan report for a previously submitted file from VirusTotal. You provide the scan ID or file hash, and the step returns the detection results from multiple antivirus engines. Use this step after a Scan File step to check whether a file was flagged as malicious, or to look up known file hashes against the VirusTotal database.
References:
- Documentation URL: https://developers.virustotal.com/reference/file-info
- URL for API Request: https://www.virustotal.com/api/v3/files/{id}
tip
The plugin will work as per API quota allowances for a user.
Configurations
Configuration tab:
| No. | Field Name | Description |
|---|---|---|
| 1 | Step name | Specify a unique name for the step. The name has to be unique in a single workflow. This is a mandatory field. |
| 2 | Accept value as variable / static | Leave checkbox unchecked to accept API Key value from a field in the previous steps of the stream using a drop down list. Else enable checkbox for API Key field to appear as Text box. |
| 3 | API Key | Specify or select the unique, public API key generated after signing up the Virus Total account. This is a mandatory field. |
Input tab:
| No. | Field Name | Description |
|---|---|---|
| 1 | ID | Select the resource ID. The resource can be the MD5, SHA-1 or, SHA-256 of a file for which you want to retrieve the most recent antivirus report. Note: Convert the file to SHA-256, SHA-1, or MD5 and select the generated ID. |
Output tab:
| No. | Field Name | Description |
|---|---|---|
| 1 | JSON Output | Specify the output field to hold the result of the successful plugin execution. Default value: JSONOutput |