Use this endpoint to add associations between IoC Collections and a certain Hunting ruleset.
Automatically add Hunting rulesets matches to an IoC Collection
To automatically add IoCs matching your Hunting rulesets to an IoC Collection, enable the
associated_collections_feed_enabledparameter for those rulesets.
This endpoint requires the user to be the owner or an editor of involved objects, and IOC Collections' descriptors as follows:
{
"data": [
{
"id": "<_string_> IoC Collection identifier",
"type": "collection"
}
]
}
To find your IoC Collections identifiers, navigate to your Profile from the user menu in the top-right corner of the web interface, then go to the COLLECTIONS tab and open the specific collections you're interested in. You'll find the IoC Collection identifier in the URL.
Examples
Create new associations between 20899097850 Hunting ruleset and ab622fb5f4e6382109fe89ed466aafbaef1b79c31cb2c7e1d1f59ffde772715f and 27b2351c8da7419a80cbeb108ac3ac91406af5e33c7158df4e2f2be54809ef64 IoC Collections.
import requests
payload = {
"data":
[
{
"id": "ab622fb5f4e6382109fe89ed466aafbaef1b79c31cb2c7e1d1f59ffde772715f",
"type": "collection"
},
{
"id": "27b2351c8da7419a80cbeb108ac3ac91406af5e33c7158df4e2f2be54809ef64",
"type": "collection"
}
]
}
id = "20899097850"
url = f"https://www.virustotal.com/api/v3/intelligence/hunting_rulesets/{id}/relationships/associations"
headers = {
"accept": "application/json","x-apikey": <api-key>,"content-type": "application/json"
}
response = requests.post(url, json=payload, headers=headers)