Use this endpoint to create new IoC collections. In the request body, send a collection object containing its name, description and the elements it will contain (for URLs you can use either the URL or its ID). All IoCs must be described as relationships of the newly created collection object. This is an example request body:
{
  "data": {
    "attributes": {
      "name": "Test IoC collection",
      "description": "This is how to create a new IoC collection via API."
    },
    "relationships": {
      "domains": {
        "data": [
          {
            "type": "domain",
            "id": "www.virustotal.com"
          },
          {
            "type": "domain",
            "id": "www.hooli.com"
          }
        ]
      },
      "urls": {
        "data": [
          {
            "type": "url",
            "url": "https://www.virustotal.com/"
          },
          {
            "type": "url",
            "id": "f11f7cc900638fae209f68498a90158fbfb067fc4191549ddb657e39cc4428c2"
          }
        ]
      },
      "ip_addresses": {
        "data": [
          {
            "type": "ip_address",
            "id": "8.8.8.8"
          }
        ]
      },
      "files": {
        "data": [
          {
            "type": "file",
            "id": "ecc0f2aa29b102bf8d67b7d7173e8698c0341ddfdf9757be17595460fbf1791a"
          }
        ]
      }
    },
    "type": "collection"
  }
}
Alternatively, pass a raw text containing the IoCs in raw_items:
{
  "data": {
    "attributes": {
      "name": "Test IoC collection",
      "description": "This is how to create a new IoC collection via API."
    },
    "raw_items": "This is a text containing an IoC, www.virustotal.com",
    "type": "collection"
  }
}
To modify the IoC collection's attributes, or to add more elements to an IoC collection using a raw text, refer to the PATCH /collections/{id} endpoint.
To add new elements to the IoC collection, refer to the POST /collections/{id}/{relationship} endpoint.
To remove elements from the IoC collection, refer to the DELETE /collections/{id}/{relationship} endpoint.
Examples
Create a new private IoC collection with 2 IoCs, which are the google.com and virustotal.com domains.
import os
import requests

url = "https://www.virustotal.com/api/v3/collections"

payload = {
    "data": {
        "type": "collection",
        "attributes": {
            "name": "Test IoC collection",
            "description": "This is how to create a new collection via API.",
            "private": True,
        },
        # Raw text containing the two domain IoCs.
        "raw_items": "google.com, virustotal.com",
    }
}

headers = {
    "accept": "application/json",
    # API key read from the environment instead of being hardcoded;
    # the variable name VT_API_KEY is an assumption.
    "x-apikey": os.environ["VT_API_KEY"],
    "content-type": "application/json",
}

response = requests.post(url, json=payload, headers=headers)
print(response.text)
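The relationships form of the request body shown at the top of this page can be built from a mixed list of indicators, validating and de-duplicating them before anything is sent. This is an added example, not code from the VirusTotal documentation; the helper names `classify` and `build_collection`, the regular expressions, and the restriction to IPv4 addresses and SHA-256 file IDs are assumptions based on the sample body.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Shapes assumed from the sample body on this page: SHA-256 file IDs, IPv4 addresses.
SHA256_RE = re.compile(r"^[0-9a-f]{64}$", re.I)
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)

def classify(ioc):
    """Map one IoC string to (relationship name, descriptor); ValueError if unknown."""
    ioc = ioc.strip()
    if urlsplit(ioc).scheme in ("http", "https"):
        return "urls", {"type": "url", "url": ioc}
    try:
        ipaddress.IPv4Address(ioc)
        return "ip_addresses", {"type": "ip_address", "id": ioc}
    except ValueError:
        pass
    if SHA256_RE.match(ioc):
        # A URL ID has the same 64-hex shape as a file hash, so a bare hash is
        # filed under "files"; pass URLs in full to avoid the ambiguity.
        return "files", {"type": "file", "id": ioc.lower()}
    if DOMAIN_RE.match(ioc):
        return "domains", {"type": "domain", "id": ioc.lower()}
    raise ValueError(f"unrecognised IoC: {ioc!r}")

def build_collection(name, description, iocs):
    """Return (request body, rejected inputs); duplicate IoCs are dropped."""
    relationships, rejected, seen = {}, [], set()
    for raw in iocs:
        try:
            rel, item = classify(raw)
        except ValueError:
            rejected.append(raw)  # keep for review instead of sending garbage
            continue
        key = (rel, item.get("id") or item.get("url"))
        if key in seen:
            continue
        seen.add(key)
        relationships.setdefault(rel, {"data": []})["data"].append(item)
    body = {"data": {"type": "collection",
                     "attributes": {"name": name, "description": description},
                     "relationships": relationships}}
    return body, rejected
```

The returned body can be passed as `json=` to the `requests.post` call in the example above; the rejected list shows which inputs were left out.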