VirusTotal

adem_netsys · ‎02-16-2023

When you search for a certain ip block in the virustotal address, it produces a few results, but it says zero in the reputation section in soar. how can we solve this in soar?

Anonymous · ‎02-16-2023

VT may not provide reputation score, every time.

But, we can look at "last_analysis_stats" and "last_analysis_results" to know more and take a decision.

View solution in original post

Anonymous · ‎02-16-2023

Hello Adem, Good Day!

Please share screenshot for your question.

Thanks

adem_netsys · ‎02-16-2023

Hello,

It returns a total of 9 results on the Virustotal site, but it shows up as zero in this soar playbook.

Thank you

Anonymous · ‎02-16-2023

Hello

You can use jinja expression to further process last_analysis_results from VT.

Below jinja code finds out total numbers of malicious from different TIP sources.

{{vars.steps.Get_IP_Reputation.data.attributes['last_analysis_stats'].malicious}}

adem_netsys · ‎02-16-2023

Hello,

yes when i did this the total number showed up but there is no way to do it in reputatiton?

Anonymous · ‎02-16-2023

VT may not provide reputation score, every time.

But, we can look at "last_analysis_stats" and "last_analysis_results" to know more and take a decision.

adem_netsys · ‎02-16-2023

Thank you so much, You've been very helpful.

VirusTotal

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website