Updated 2 weeks ago by TruSTAR

This document explains how to set up and use the VirusTotal premium intelligence source with the TruSTAR Web App.

VirusTotal inspects items with over 70 antivirus scanners and URL/domain blacklisting services, in addition to a myriad of tools to extract observables from those items.

  • Source Type: Premium Intel
  • Update Type: Query-based
  • Time to Install: 10 minutes

Data Types

The integration pulls these Observables from VirusTotal:

  • IP
  • URL
  • MD5
  • SHA1
  • SHA256


  • Membership in the VirusTotal community
  • VirusTotal API Key
TruSTAR Admin rights are required to activate this Premium Intelligence feed.

Getting Started

  1. Log into the TruSTAR Web App.
  2. Click the Marketplace icon on the left side icon list.
  3. Choose Premium Intel.
  4. Click Subscribe on the VirusTotal box.
  5. Enter your VirusTotal API key and click Save Credentials & Request Subscription.

TruSTAR will validate the integration within 48 hours and send an email when the integration has been enabled.

Known Issues

No reported issues.

Please reach out to if you have issues with this integration.

How Did We Do?