docs.virustotal.com
34.117.229.111
Public Scan
URL:
https://docs.virustotal.com/docs/how-it-works
Submission Tags: falconsandbox
Submission: On April 05 via api from US — Scanned from DE
Form analysis
0 forms found in the DOM
Text Content
HOW IT WORKS

VirusTotal inspects items with over 70 antivirus scanners and URL/domain blocklisting services, in addition to a myriad of tools to extract signals from the studied content. Any user can select a file from their computer using their browser and send it to VirusTotal. VirusTotal offers a number of file submission methods, including the primary public web interface, desktop uploaders, browser extensions and a programmatic API. The web interface has the highest scanning priority among the publicly available submission methods. Submissions may be scripted in any programming language using the HTTP-based public API.

As with files, URLs can be submitted via several different means including the VirusTotal webpage, browser extensions and the API.

Upon submitting a file or URL, basic results are shared with the submitter, and also between the examining partners, who use results to improve their own systems. As a result, by submitting files, URLs, domains, etc. to VirusTotal you are helping to raise the global IT security level.

This core analysis is also the basis for several other features, including the VirusTotal Community: a network that allows users to comment on files and URLs and share notes with each other. VirusTotal can be useful in detecting malicious content and also in identifying false positives -- normal and harmless items detected as malicious by one or more scanners.

FREE AND UNBIASED

VirusTotal is free to end users for non-commercial use in accordance with our Terms of Service. Though we work with engines belonging to many different organizations, VirusTotal does not distribute or promote any of those third-party engines. We simply act as an aggregator of information. This allows us to offer an objective and unbiased service to our users.

MANY CONTRIBUTORS

VirusTotal's aggregated data is the output of many different antivirus engines, website scanners, file and URL analysis tools, and user contributions. The file and URL characterization tools we aggregate cover a wide range of purposes: heuristic engines, known-bad signatures, metadata extraction, identification of malicious signals, etc.

RAISING THE GLOBAL IT SECURITY LEVEL THROUGH SHARING

Scanning reports produced by VirusTotal are shared with the public VirusTotal community. Users can contribute comments and vote on whether particular content is harmful. In this way, users help to deepen the community's collective understanding of potentially harmful content and identify false positives (i.e. harmless items detected as malicious by one or more scanners). The contents of submitted files or pages may also be shared with premium VirusTotal customers.

The file corpus created in VirusTotal provides cybersecurity professionals and security product developers valuable insights into the behaviors of emerging cyber threats and malware. Through our premium services commercial offering, VirusTotal provides qualified customers and anti-virus partners with tools to perform complex criteria-based searches to identify and access harmful file samples for further study. This helps organizations discover and analyze new threats and fashion new mitigations and defenses.

REAL-TIME UPDATES

Malware signatures are updated frequently by VirusTotal as they are distributed by antivirus companies; this ensures that our service uses the latest signature sets. Website scanning is done in some cases by querying vendor databases that have been shared with VirusTotal and stored on our premises, and in other cases by API queries to an antivirus company's solution. As such, as soon as a given contributor blocklists a URL it is immediately reflected in user-facing verdicts.

DETAILED RESULTS

VirusTotal not only tells you whether a given antivirus solution detected a submitted file as malicious, but also displays each engine's detection label (e.g., I-Worm.Allaple.gen). The same is true for URL scanners, most of which will discriminate between malware sites, phishing sites, suspicious sites, etc. Some engines will provide additional information, stating explicitly whether a given URL belongs to a particular botnet, which brand is targeted by a given phishing site, and so on.

Updated 4 months ago