Updated: September 8, 2020
This document describes the steps to integrate Cisco SecureX with VirusTotal.
Cisco recommends that you have knowledge of these topics:
This document is not restricted to specific software and hardware versions.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.
In order to configure a new VirusTotal enrichment module, you must first generate an API Key in VirusTotal and then add the VirusTotal module.
Step 1. In VirusTotal, click the VirusTotal user icon and choose Settings.
Step 2. Click API Key and save the key value, as shown in the image.
Step 3. On the SecureX portal, navigate to Integrations and click Add New Module, as shown in the image.
Step 4. On the VirusTotal section, click Add New module, as shown in the image.
Step 5. Enter your VirusTotal API Key in this section and click Save, as shown in the image.
Note: The Public API is limited to a maximum of 4 requests per 1-minute time frame. The VirusTotal enrichment module makes one API request per observable. VirusTotal also offers a Private API, which provides a higher request rate.
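The effect of the Public API limit on a larger investigation, as an added example that is not part of the original Cisco document: a planner that assigns each distinct observable the earliest send time allowed by 4 requests per minute. The function names and the sample observables are constructed for illustration, and the sliding-window enforcement and de-duplication are assumptions; it is a sizing aid, not a description of how the SecureX module paces its requests.

```python
from collections import deque

PUBLIC_API_LIMIT = 4     # requests allowed per window (from the note above)
WINDOW_SECONDS = 60.0    # "1-minute time frame" (from the note above)


def schedule_lookups(observables, limit=PUBLIC_API_LIMIT, window=WINDOW_SECONDS):
    """Plan one lookup per distinct observable under the request quota.

    Returns [(send_time_seconds, observable), ...]. Assumption: the quota is
    a sliding window, so a request may go out only once the request sent
    `limit` places before it is at least `window` seconds old.
    """
    recent = deque()   # send times of the most recent `limit` requests
    seen = set()
    plan = []
    now = 0.0
    for raw in observables:
        obs = raw.strip()
        if not obs or obs in seen:   # blank or repeated: no extra request
            continue
        seen.add(obs)
        if len(recent) == limit:
            # Wait until the oldest request in the window has aged out.
            now = max(now, recent.popleft() + window)
        recent.append(now)
        plan.append((now, obs))
    return plan


def summarize(plan):
    """Return (requests, requests_delayed_by_quota, seconds_until_last_send)."""
    delayed = sum(1 for t, _ in plan if t > 0)
    last = plan[-1][0] if plan else 0.0
    return len(plan), delayed, last


# Constructed sample investigation: documentation-range IPs and example domains.
SAMPLE = [
    "192.0.2.10", "192.0.2.11", "example.com", "example.net",
    "192.0.2.10",            # repeat of the first observable
    "example.org", "198.51.100.7", "203.0.113.5", "malware.example",
    "198.51.100.8", "",
]

if __name__ == "__main__":
    plan = schedule_lookups(SAMPLE)
    for t, obs in plan:
        print(f"t+{t:>5.0f}s  {obs}")
    print("requests, delayed, last send (s):", summarize(plan))
```

With the sample input, nine distinct observables need three one-minute windows, so an investigation of that size can show partial VirusTotal results for about two minutes on a public key.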
Use this section to confirm that your configuration works properly.
In order to verify that the module works as expected, navigate to the Cisco Threat Response portal and run an investigation. The results display the modules that enriched the investigation, as shown in the image.
This section provides the information you can use to troubleshoot your configuration.
Step 1. Make sure the API credentials are properly copied in the module section from the SecureX portal.
Step 2. Verify that the API credentials have the right permissions and are currently available.
Note: Refer to the VirusTotal API error documentation in the case of any unexpected error.
You can find the configuration steps contained in this article in this video.