🚧
Special privileges required
Reports & Analysis are only available to users with the Google Threat Intelligence (Google TI) Enterprise or Enterprise Plus licenses.

Allows to search IoCs inside a report using advanced intelligence queries.

The expected input is the same as /intelligence/search. By default it searches files, in order to search other entities use entity:domain/ip/url.

Examples

Search for IoCs related to a report that meet certain conditions.

import requests
import urllib

object_id = "report--24-10074013"
query = "p:4+"
attributes = "name"
limit = "2"
url = f"https://www.virustotal.com/api/v3/collections/{object_id}/search?query={query}&limit={limit}&attributes={attributes}"
headers = {"accept": "application/json","x-apikey": <api-key>}
response = requests.get(url, headers=headers)

200200