- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
VirusTotal
When you search for a certain ip block in the virustotal address, it produces a few results, but it says zero in the reputation section in soar. how can we solve this in soar?
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
VT may not provide reputation score, every time.
But, we can look at "last_analysis_stats" and "last_analysis_results" to know more and take a decision.
Professional Services Consultant
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Adem, Good Day!
Please share screenshot for your question.
Thanks
Professional Services Consultant
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
It returns a total of 9 results on the Virustotal site, but it shows up as zero in this soar playbook.
Thank you
Created on ‎02-16-2023 02:01 AM Edited on ‎02-16-2023 02:02 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello
You can use jinja expression to further process last_analysis_results from VT.
Below jinja code finds out total numbers of malicious from different TIP sources.
{{vars.steps.Get_IP_Reputation.data.attributes['last_analysis_stats'].malicious}}
Professional Services Consultant
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
yes when i did this the total number showed up but there is no way to do it in reputatiton?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
VT may not provide reputation score, every time.
But, we can look at "last_analysis_stats" and "last_analysis_results" to know more and take a decision.
Professional Services Consultant
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you so much, You've been very helpful.