What's new?
- SSO Authentication. Users can now sign in or sign up to VirusTotal via single sign-on. 3 identity providers have been added: Google, Twitter and GitHub. Microsoft will soon follow, SAML soon thereafter. The new SSO feature works with pre-existing VirusTotal Community accounts, in other words, if you already had an account tied to your Gmail account, for example, you may still use SSO as a more convenient way to log in to VirusTotal.
- Extended crowdsourced YARA detection. 3 new community repositories have been added to our crowdsourced YARA detection setup. This complements antivirus engines, sandbox dynamic analysis, SIGMA rules, etc. to provide multi-angular characterization of files through orthogonal detection mechanisms. These are the newly added repositories:
- New IoC relationship: URLs sharing the same tracker ID. VirusTotal interlinks all the observables (files, hashes, URLs, domains IPs) in its dataset in order to provide advanced context on threats. We allowe VT INTELLIGENCE users to pivot over the corpus based on web trackers (Google Ads IDs, Facebook IDs, etc.). Now we are making contextualization easier by incorporating the pivot as a full-fledged relationship that directly shows up in the Relations tab of URL reports and can be easily explored with VT GRAPH.
What has changed?
- Numeric identifiers for crowdsourced YARA rulesets. Numeric identifiers for existing Crowdsourced YARA rulesets have changed. This means that searches like crowdsourced_yara_rule:002735f19d|PyInstaller may return 0 results if 002735f19d is an old identifier. All links in our UI already have the new identifiers, so this should affect only those users that stored the identifiers on their side and may be using them to run periodic searches.