What's new?
- VirusTotal to third-party technology integrations explorer. VirusTotal is the richest and most actionable crowdsourced threat intelligence suite. More than 3.6M users a month and tens of thousands of organizations worldwide rely on its threat reputation and context to be safer. Its popularity is such that most third-party security technologies have built off-the-shelf turnkey integrations with our API, powering use cases such as automatic alert triage, event enrichment, false positive discarding, second-opinion detection and other threat detection and response flows. We recently started to document some of those home-grown and community/vendor-developed third-party integrations in our API reference. To make those integrations even more discoverable, we have rolled out an integrations explorer, including search, technology categories and more. It is by no means exhaustive; if you are missing an integration, please let us know.
- One-click assistant to build VT HUNTING YARA rules matching IoC analysis and metadata properties. VT Hunting Livehunt allows VT Enterprise users to write YARA rules that are matched against the incoming live stream of files uploaded to VirusTotal. It has become a de facto standard to monitor threat campaigns and malware toolkits, as well as to track threat actors going forward. What differentiates YARA in VirusTotal is that you can (1) match any kind of IoC, not only files, and (2) match VirusTotal technical analysis properties and metadata as opposed to only binary contents. Matching of network indicators and of analysis properties and metadata is done through the “vt” YARA module (network indicator matching and file analysis matching). Discovering all the properties that can be matched is a tedious task that involves reading a significant amount of documentation. To ease this task, we have now incorporated a “structure explorer” that allows you to navigate the property tree of any kind of VirusTotal IoC and compose YARA rules by just clicking on the pertinent properties.
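
The two capabilities described above, as an added example that is not part of the original announcement: one rule matching file analysis metadata and one matching a network indicator. The "vt" field names and the `target_entity` meta key are assumptions recalled from the module documentation and should be confirmed there or in the structure explorer; the thresholds and the example.com / examplebrand names are constructed placeholders.

```yara
import "vt"

// Added example: file rule driven by VirusTotal analysis metadata rather than
// by byte patterns. The threshold is constructed; tune it to your own feed.
rule Example_New_PE_Flagged_By_Several_Engines
{
    meta:
        description = "Newly seen PE that several engines flag and that resolves a watched host"
    condition:
        vt.metadata.new_file and
        vt.metadata.file_type == vt.FileType.PE_EXE and
        vt.metadata.analysis_stats.malicious >= 5 and
        // Behaviour (sandbox) property: DNS lookups observed during detonation.
        for any lookup in vt.behaviour.dns_lookups : (
            lookup.hostname endswith ".example.com"   // constructed placeholder
        )
}

// Added example: network rule evaluated against domains, not files.
rule Example_New_Lookalike_Domain
{
    meta:
        description = "Newly observed domain containing a watched brand string"
        target_entity = "domain"   // assumption: how Livehunt selects the IoC type
    condition:
        vt.net.domain.new_domain and
        vt.net.domain.raw icontains "examplebrand" and          // constructed placeholder
        vt.net.domain.raw != "examplebrand.com" and             // skip the brand's own apex
        not (vt.net.domain.raw endswith ".examplebrand.com")    // and its own subdomains
}
```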