Update readme and release notes

VirusTotal · Jul 9, 2024 · f2a6b9d · f2a6b9d
1 parent 7a3460d
commit f2a6b9d
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 1 deletion.
diff --git a/Packs/VirusTotal/Integrations/VirusTotalV3/README.md b/Packs/VirusTotal/Integrations/VirusTotalV3/README.md
@@ -186,6 +186,9 @@ Checks the file reputation of the specified hash.
 | File.Malicious.Vendor | String | For malicious files, the vendor that made the decision. |
 | File.Malicious.Detections | Number | For malicious files, the total number of detections. |
 | File.Malicious.TotalEngines | Number | For malicious files, the total number of engines that checked the file hash. |
+| File.Count VT Vendors Which Flagged Malicious | Number | Number of VT vendors which flagged the file as malicious. |
+| File.VT Vendors Which Flagged Malicious | Array | VT vendors which flagged the file as malicious. |
+| File.VT Detection Names | Array | VT detection names which flagged the file as malicious. |
 | DBotScore.Indicator | String | The indicator that was tested. |
 | DBotScore.Type | String | The indicator type. |
 | DBotScore.Vendor | unknown | The vendor used to calculate the score. |
@@ -426,6 +429,9 @@ Checks the reputation of an IP address.
 | IP.Malicious.Vendor | unknown | For malicious IPs, the vendor that made the decision. | 
 | IP.Malicious.Description | unknown | For malicious IPs, the reason that the vendor made the decision. | 
 | IP.ASOwner | String | The autonomous system owner of the IP. | 
+| IP.Count VT Vendors Which Flagged Malicious | Number | Number of VT vendors which flagged the IP as malicious. | 
+| IP.VT Vendors Which Flagged Malicious | Array | VT vendors which flagged the IP as malicious. | 
+| IP.VT Detection Names | Array | VT detection names which flagged the IP as malicious. | 
 | DBotScore.Indicator | unknown | The indicator that was tested. | 
 | DBotScore.Type | unknown | The indicator type. | 
 | DBotScore.Vendor | unknown | The vendor used to calculate the score. | 
@@ -656,6 +662,9 @@ Checks the reputation of a URL.
 | URL.Relationships.EntityBType | String | The type of the destination of the relationship. |
 | URL.Malicious.Vendor | unknown | For malicious URLs, the vendor that made the decision. |
 | URL.Malicious.Description | unknown | For malicious URLs, the reason that the vendor made the decision. |
+| URL.Count VT Vendors Which Flagged Malicious | Number | Number of VT vendors which flagged the URL as malicious. |
+| URL.VT Vendors Which Flagged Malicious | Array | VT vendors which flagged the URL as malicious. |
+| URL.VT Detection Names | Array | VT detection names which flagged the URL as malicious. |
 | DBotScore.Indicator | unknown | The indicator that was tested. |
 | DBotScore.Type | unknown | The indicator type. |
 | DBotScore.Vendor | unknown | The vendor used to calculate the score. |
@@ -813,6 +822,9 @@ Checks the reputation of a domain.
 | Domain.Relationships.EntityBType | String | The type of the destination of the relationship. |
 | Domain.Malicious.Vendor | unknown | For malicious domains, the vendor that made the decision. |
 | Domain.Malicious.Description | unknown | For malicious domains, the reason that the vendor made the decision. |
+| Domain.Count VT Vendors Which Flagged Malicious | Number | Number of VT vendors which flagged the domain as malicious. |
+| Domain.VT Vendors Which Flagged Malicious | Array | VT vendors which flagged the domain as malicious. |
+| Domain.VT Detection Names | Array | VT detection names which flagged the domain as malicious. |
 | DBotScore.Indicator | unknown | The indicator that was tested. |
 | DBotScore.Type | unknown | The indicator type. |
 | DBotScore.Vendor | unknown | The vendor used to calculate the score. |
@@ -2546,3 +2558,14 @@ Get analysis of a private file submitted to VirusTotal.
 >|Id|Threat Severity Level|Popular Threat Category|Threat Verdict|Status|
 >|---|---|---|---|---|---|---|
 >| example-analysis-id | HIGH | trojan | MALICIOUS | completed |
+
+## VT indicator fields
+
+3 indicator fields have been added to all indicator types:
+- **Count VT Vendors Which Flagged Malicious**. Number. Number of VT vendors which flagged the indicator as malicious.
+- **VT Vendors Which Flagged Malicious**. Array. VT vendors which flagged the indicator as malicious.
+- **VT Detection Names. Array**. VT detection names which flagged the indicator as malicious.
+
+To display the new fields in indicators, navigate to `Settings -> Objects Setup -> Indicators -> Types`. Select the desired indicator type, for example, `File`. Click on `Edit` and, under `Custom Fields`, choose the desired field and add the corresponding path. For instance, if you select the `VT Detection Names` field for the `File` indicator type, add the path `File.VT Detection Names`. This will enable the field to be populated in the indicator data.
+
+Note that the field will not automatically appear in the indicator's layout. To make it visible, go to `Settings -> Objects Setup -> Indicators -> Layouts`, select the desired layout (e.g., `File Indicator`), click `Detach` if needed, and then edit the layout to include the new field.
diff --git a/Packs/VirusTotal/ReleaseNotes/2_6_21.md b/Packs/VirusTotal/ReleaseNotes/2_6_21.md
@@ -0,0 +1,7 @@
+#### Integrations
+
+##### VirusTotal (API v3)
+- Add **Count VT Vendors Which Flagged Malicious** field to all indicator types.
+- Add **VT Vendors Which Flagged Malicious** field to all indicator types.
+- Add **VT Detection Names** field to all indicator types.
+- Updated the Docker image to: *demisto/python3:3.11.9.101916*.
diff --git a/Packs/VirusTotal/pack_metadata.json b/Packs/VirusTotal/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "VirusTotal",
     "description": "Analyze suspicious hashes, URLs, domains and IP addresses",
     "support": "partner",
-    "currentVersion": "2.6.20",
+    "currentVersion": "2.6.21",
     "author": "VirusTotal",
     "url": "https://www.virustotal.com",
     "email": "[email protected]",