List of Google TI Integrations

Google Threat Intelligence is the richest and most actionable crowdsourced threat intelligence suite. More than 3.6M users a month and tens of thousands of organizations worldwide rely on its threat reputation and context to be safer. Its popularity is such that most third-party security technologies have built off-the-shelf, turnkey integrations with our API, powering use cases such as automatic alert triage, event enrichment, false positive discarding, second-opinion detection and other threat detection and response flows. Some (not all) of these ubiquitous integrations are listed below. If you would like to ask about some other product or add an entry to this listing, please do not hesitate to contact us.

SOAR Platforms

Palo Alto Cortex XSOAR (Demisto)

🚀 See content packs

📖 Integrating Cortex XSOAR and VirusTotal for maximum incident response and investigation

📺 Cortex XSOAR VirusTotal Livehunt threat feeds

ℹ️ Build a champion SOC with VirusTotal and Palo Alto Cortex XSOAR

Splunk SOAR (Phantom)

🚀 Download the integration in Splunkbase

📖 Learn about the integration in the official Splunk documentation site

📺 Create playbooks using VirusTotal enrichment

ℹ️ Import a playbook example to enrich your indicators

Chronicle SOAR (Siemplify)

🚀 Add VirusTotal from your Chronicle SOAR Integration Marketplace

📖 Learn about the integration in the official Chronicle SOAR documentation site

📺 Create playbooks using VirusTotal enrichment

Swimlane

🚀 Download the VirusTotal plugin from Swimlane's Apphub

📖 Understand the plugin from the official documentation

📺 Watch how VirusTotal leverages your Swimlane experience!

ServiceNow

🚀 Download the VirusTotal integration from the ServiceNow store

📖 Set up the VirusTotal integration and start enriching with Threat Intelligence

📺 In this recording you can find the steps to set VirusTotal up in ServiceNow

IBM QRadar SOAR (Resilient)

🚀 Download from IBM's App Exchange

📖 Improve your playbooks following the official documentation

Exabeam

🚀 Improve your Incident Response with the VirusTotal integration

Logpoint SOAR

🚀 Configure the VirusTotal integration in your Logpoint instance

📖 Check some playbook examples using VT such as email investigation or phishing response

Securonix SOAR

🚀 Automate secops connecting the VirusTotal integration

Rapid7 InsightConnect

🚀 Install the VirusTotal and VirusTotal YARA extensions to improve and automate your detection

📖 Empower your playbooks using VirusTotal intelligence

TheHive

🚀 Cortex analyzer allowing you to enrich and scan any IoC kind

Fortinet FortiSOAR

🚀 See VirusTotal standard connector

🚀 See VirusTotal Premium connector

📖 Read the pertinent connector documentation.

📺 See how VirusTotal can supercharge phishing response in conjunction with FortiSOAR.


SIEM/XDR/TDR/Security Analytics Platforms

Chronicle

🚀 Contact us to empower Chronicle with VirusTotal Intelligence

📖 Learn about the advantages of combining Chronicle and VirusTotal

Google Threat Intelligence for Splunk, the official Google TI Splunk Integration

🚀 Start unearthing threats, vulnerabilities and Threat Actors from your Splunk events

📖 Learn about the insights VT4Splunk is going to bring to your Splunk

📺 Watch how to set it up and how it looks

Microsoft Sentinel

🚀 Activate the VirusTotal connector from the Sentinel marketplace

📖 Check what the VirusTotal connector is capable of

📺 Create playbooks using VirusTotal reports

ℹ️ Automate your Sentinel incident triage

Palo Alto Cortex XDR

🚀 Configure the VirusTotal Threat Intel integration following the official guide

📖 Investigate Incident key assets and artifacts

Cisco SecureX

🚀 Follow these steps to integrate VT with SecureX

📺 Start enriching your indicators with VirusTotal

IBM QRadar

🚀 Get the latest VT Integration for QRadar from IBM's App Exchange

📖 Enrich your IOCs in QRadar following the official documentation

Securonix Snypr

🚀 Contact us to get an API key to configure automatic response with VirusTotal

📖 Run enhanced playbooks

Logpoint

🚀 Configure the VirusTotal integration in your Logpoint instance

📖 Enhance your threat hunting with VirusTotal + Logpoint

Wazuh

🚀 Follow these steps to configure the VT integration

📖 Learn how the VirusTotal integration can be used for scanning files

ℹ️ Detect and remove malware

Fortinet FortiSIEM

🚀 Follow these steps to configure the VT integration


EDRs / EPPs / Nextgens / AVs / Endpoint Agents

CrowdStrike

🚀 Get the official VirusTotal integration!

📖 Understand how VirusTotal enhances your experience in CrowdStrike

📺 Watch how to augment your Incident Response

ℹ️ Use VirusTotal to automate your SOC workflow

McAfee / Trellix

🚀 Create and import a malicious file hash feed

🚀 Enhance your Threat Intelligence Exchange server with VirusTotal enrichment

Symantec

🚀 When investigating a file, send it to VirusTotal to gather context

📺 Watch how to use VirusTotal as a second opinion

Tanium

🚀 Overlay IoC reputation for processes and other artifacts recorded by Tanium

📺 Watch how to identify risk in your Enterprise by checking Tanium data against VirusTotal


TIP Platforms

MISP

🚀 Get the VirusTotal import module

📖 Check how to export and import VT Collections to MISP to empower your investigation!

Anomali Threatstream

🚀 Find the VirusTotal threat analysis tool in Anomali's marketplace

📖 Learn how to set the VT integration up and what capabilities it offers


Email gateways / Mailbox defense / Phishing email analysis

KnowBe4 Phisher

🚀 Enhance your phishing protection with VirusTotal

Proofpoint

🚀 Follow the guide to automate your Incident Response with VirusTotal


SASE / Secure DNS

Cloudflare One

🚀 Use threat intelligence from VirusTotal to create rules within Cloudflare products

Zscaler

🚀 Follow these simple steps and enrich your logs


Network perimeter

Broadcom Content Analysis

📖 Supercharge malware analysis by activating the VirusTotal service


Forensics

EnCase

🚀 Generate hash values for all tagged files and send the hash value to VirusTotal for scoring


Productivity Suites

Google Workspace Alert Center

🚀 View VirusTotal reports from the alert center

📖 Check how VirusTotal enriches your alerts

ℹ️ Gmail events are also enriched with VirusTotal!


❗️

Is your platform missing?

This list is not exhaustive. Contact us to see if we support it, or check VT4Browsers, our pragmatic browser extension that will enrich every indicator displayed in any platform!