diff --git a/Packs/VirusTotal/Integrations/VirusTotalV3/README.md b/Packs/VirusTotal/Integrations/VirusTotalV3/README.md index f8b6e8e918ec..37f693eceba8 100644 --- a/Packs/VirusTotal/Integrations/VirusTotalV3/README.md +++ b/Packs/VirusTotal/Integrations/VirusTotalV3/README.md @@ -186,6 +186,9 @@ Checks the file reputation of the specified hash. | File.Malicious.Vendor | String | For malicious files, the vendor that made the decision. | | File.Malicious.Detections | Number | For malicious files, the total number of detections. | | File.Malicious.TotalEngines | Number | For malicious files, the total number of engines that checked the file hash. | +| File.Count VT Vendors Which Flagged Malicious | Number | Number of VT vendors which flagged the file as malicious. | +| File.VT Vendors Which Flagged Malicious | Array | VT vendors which flagged the file as malicious. | +| File.VT Detection Names | Array | VT detection names which flagged the file as malicious. | | DBotScore.Indicator | String | The indicator that was tested. | | DBotScore.Type | String | The indicator type. | | DBotScore.Vendor | unknown | The vendor used to calculate the score. | @@ -426,6 +429,9 @@ Checks the reputation of an IP address. | IP.Malicious.Vendor | unknown | For malicious IPs, the vendor that made the decision. | | IP.Malicious.Description | unknown | For malicious IPs, the reason that the vendor made the decision. | | IP.ASOwner | String | The autonomous system owner of the IP. | +| IP.Count VT Vendors Which Flagged Malicious | Number | Number of VT vendors which flagged the IP as malicious. | +| IP.VT Vendors Which Flagged Malicious | Array | VT vendors which flagged the IP as malicious. | +| IP.VT Detection Names | Array | VT detection names which flagged the IP as malicious. | | DBotScore.Indicator | unknown | The indicator that was tested. | | DBotScore.Type | unknown | The indicator type. | | DBotScore.Vendor | unknown | The vendor used to calculate the score. | 
@@ -656,6 +662,9 @@ Checks the reputation of a URL. | URL.Relationships.EntityBType | String | The type of the destination of the relationship. | | URL.Malicious.Vendor | unknown | For malicious URLs, the vendor that made the decision. | | URL.Malicious.Description | unknown | For malicious URLs, the reason that the vendor made the decision. | +| URL.Count VT Vendors Which Flagged Malicious | Number | Number of VT vendors which flagged the URL as malicious. | +| URL.VT Vendors Which Flagged Malicious | Array | VT vendors which flagged the URL as malicious. | +| URL.VT Detection Names | Array | VT detection names which flagged the URL as malicious. | | DBotScore.Indicator | unknown | The indicator that was tested. | | DBotScore.Type | unknown | The indicator type. | | DBotScore.Vendor | unknown | The vendor used to calculate the score. | @@ -813,6 +822,9 @@ Checks the reputation of a domain. | Domain.Relationships.EntityBType | String | The type of the destination of the relationship. | | Domain.Malicious.Vendor | unknown | For malicious domains, the vendor that made the decision. | | Domain.Malicious.Description | unknown | For malicious domains, the reason that the vendor made the decision. | +| Domain.Count VT Vendors Which Flagged Malicious | Number | Number of VT vendors which flagged the domain as malicious. | +| Domain.VT Vendors Which Flagged Malicious | Array | VT vendors which flagged the domain as malicious. | +| Domain.VT Detection Names | Array | VT detection names which flagged the domain as malicious. | | DBotScore.Indicator | unknown | The indicator that was tested. | | DBotScore.Type | unknown | The indicator type. | | DBotScore.Vendor | unknown | The vendor used to calculate the score. | 
@@ -2546,3 +2558,14 @@ Get analysis of a private file submitted to VirusTotal. >|Id|Threat Severity Level|Popular Threat Category|Threat Verdict|Status| >|---|---|---|---|---|---|---| >| example-analysis-id | HIGH | trojan | MALICIOUS | completed | + +## VT indicator fields + +3 indicator fields have been added to all indicator types: +- **Count VT Vendors Which Flagged Malicious**. Number. Number of VT vendors which flagged the indicator as malicious. +- **VT Vendors Which Flagged Malicious**. Array. VT vendors which flagged the indicator as malicious. +- **VT Detection Names. Array**. VT detection names which flagged the indicator as malicious. + +To display the new fields in indicators, navigate to `Settings -> Objects Setup -> Indicators -> Types`. Select the desired indicator type, for example, `File`. Click on `Edit` and, under `Custom Fields`, choose the desired field and add the corresponding path. For instance, if you select the `VT Detection Names` field for the `File` indicator type, add the path `File.VT Detection Names`. This will enable the field to be populated in the indicator data. + +Note that the field will not automatically appear in the indicator's layout. To make it visible, go to `Settings -> Objects Setup -> Indicators -> Layouts`, select the desired layout (e.g., `File Indicator`), click `Detach` if needed, and then edit the layout to include the new field. diff --git a/Packs/VirusTotal/ReleaseNotes/2_6_21.md b/Packs/VirusTotal/ReleaseNotes/2_6_21.md new file mode 100644 index 000000000000..00922ab10eab --- /dev/null +++ b/Packs/VirusTotal/ReleaseNotes/2_6_21.md @@ -0,0 +1,7 @@ +#### Integrations + +##### VirusTotal (API v3) +- Add **Count VT Vendors Which Flagged Malicious** field to all indicator types. +- Add **VT Vendors Which Flagged Malicious** field to all indicator types. +- Add **VT Detection Names** field to all indicator types. +- Updated the Docker image to: *demisto/python3:3.11.9.101916*. 
diff --git a/Packs/VirusTotal/pack_metadata.json b/Packs/VirusTotal/pack_metadata.json index bc6950bdcb76..af49021caf5f 100644 --- a/Packs/VirusTotal/pack_metadata.json +++ b/Packs/VirusTotal/pack_metadata.json @@ -2,7 +2,7 @@ "name": "VirusTotal", "description": "Analyze suspicious hashes, URLs, domains and IP addresses", "support": "partner", - "currentVersion": "2.6.20", + "currentVersion": "2.6.21", "author": "VirusTotal", "url": "https://www.virustotal.com", "email": "contact@virustotal.com",
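
Review bot: The new rows in the File, IP, URL and Domain output tables of `VirusTotalV3/README.md` use context keys that contain spaces (`File.Count VT Vendors Which Flagged Malicious`, `IP.VT Vendors Which Flagged Malicious`, `URL.VT Detection Names`), while every neighbouring row uses dotted keys without spaces, such as `File.Malicious.Detections` and `IP.ASOwner`. If the spaces are intentional so that the key matches the indicator field name used in the mapping path described later in the README, say so in the description column; otherwise keys without spaces would match the rest of the table. The descriptions should also state how the new count relates to the existing `File.Malicious.Detections` row, and "VT detection names which flagged the file as malicious" would read better as "Detection names reported by the VT vendors which flagged the file as malicious", since the vendors do the flagging.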
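
Review bot: In the new "VT indicator fields" section at the end of `VirusTotalV3/README.md`, the third bullet has its bold markers in the wrong place: `**VT Detection Names. Array**.` puts the type inside the field name, unlike the two bullets above it. Change it to `**VT Detection Names**. Array.` so all three bullets follow the same name, type, description pattern. The opening sentence "3 indicator fields have been added to all indicator types" reads like a changelog entry and will age in a README; describing which fields are available would fit the file better.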
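
Review bot: In `ReleaseNotes/2_6_21.md` the three field entries use the imperative ("Add **VT Detection Names** field ...") while the Docker line in the same list uses the past tense ("Updated the Docker image to ..."); use "Added" in all three for consistency. The note also announces a Docker image change to *demisto/python3:3.11.9.101916*, but the files visible in this diff are only the README, the release note and `pack_metadata.json`, so please confirm that the integration's image tag is updated in the same PR.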