Monday, February 7, 2022


February 7th, 2022 - SSO support for Microsoft

What's new? 

  • SSO authentication support for Microsoft. Last November we announced SSO support in VirusTotal. We have now extended the original set of supported identity providers (Google, Twitter and GitHub) with Microsoft. Microsoft customers can now sign in or sign up to VirusTotal with a single click. As a reminder, the SSO feature works with pre-existing VirusTotal Community accounts, in other words, if you already had an account tied to your Microsoft powered identity you may still use SSO as a more convenient and secure way to log in to VirusTotal.

What's fixed?

  • Creation date pivots. VT INTELLIGENCE allows users to pivot on any file, domain, IP address or URL analysis attribute, meaning that they can search over VirusTotal's historical corpus for other IoCs that share the same property. One of the analysis attributes available for pivoting is the file "creation date". This property means different things for different file types. For a Portable Executable file it is the PE compilation timestamp, for a PDF it is the generation date metadata field, same for Office documents. It is a field that can be tampered with, but very often certain malware builder kits will not change it, thus, it may be used for clustering purposes. Similarly, it can be used to try to understand attack timelines. There was a bug whereby the single-click pivot for the field in file reports was adding a trailing "UTC" to the search string, which is not supported and not needed, this has now been fixed. You can create on the "Creation Time" property of this file in order to test it.