The VirusTotal – Scan URL action will iterate over the selected scope entities, and initiate a request to VirusTotal for each entity whose type is URL. When finished, the action will enrich the URL entities with a VirusTotal report and also post the result on the case wall.
An “is_risky” value will also be exposed so you can add further conditions to the playbook if some URLs were found risky.

Need more help with this?
Click here to open a Support ticket

Was this helpful?

Yes No
You indicated this topic was not helpful to you ...
Could you please leave a comment telling us why? Thank you!
Thanks for your feedback.