The VirusTotal – Scan URL action will iterate over the selected scope entities, and initiate a request to VirusTotal for each entity whose type is URL. When finished, the action will enrich the URL entities with a VirusTotal report and also post the result on the case wall.
An “is_risky” value will also be exposed so you can add further conditions to the playbook if some URLs were found risky.
Need more help with this?
Click here to open a Support ticket