List of VT Integrations

VirusTotal is the richest and most actionable crowdsourced threat intelligence suite. More than 3.6M users a month and tens of thousands of organizations world-wide rely on its threat reputation and context to be safer. Its popularity is such that most 3rd-party security technologies have built off-the-shelf turnkey integrations with our API, powering use cases such as automatic alert triage, event enrichment, false positive discarding, 2nd opinion detection and other threat detections and response flows. Some (not all) of these ubiquitous integrations are listed below, if you would like to ask about some other product or add an entry to this listing please do not hesitate to contact us.

SOAR Platforms

Palo Alto Cortex XSOAR (Demisto)

πŸš€ See content packs

πŸ“– Integrating Cortex XSOAR and VirusTotal for maximum incident response and investigation

πŸ“Ί Cortex XSOAR VirusTotal Livehunt threat feeds

ℹ️ Build a champion SOC with VirusTotal and Palo Alto Cortex XSOAR

Splunk SOAR (Phantom)

πŸš€ Download the integration in Splunkbase

πŸ“– Learn about the integration in the official Splunk documentation site

πŸ“Ί Create playbooks using VirusTotal enrichment

ℹ️ Import a playbook example to enrich your indicators

Chronicle SOAR (Siemplify)

πŸš€ Add VirusTotal from your Chronicle SOAR Integration Marketplace

πŸ“– Learn about the integration in the official Chronicle SOAR documentation site

πŸ“Ί Create playbooks using VirusTotal enrichment


πŸš€ Download the VirusTotal plugin from Swimlane's Apphub

πŸ“– Understand the plugin from the official documentation

πŸ“Ί Watch how VirusTotal leverages your Swimlane experience!


πŸš€ Download the VirusTotal integration from the ServiceNow store

πŸ“– Set up the VirusTotal integration and start enriching with Threat Intelligence

πŸ“Ί In this recording you can find the steps to set VirusTotal up in ServiceNow

IBM Qradar SOAR (Resilient)

πŸš€ Download from IBM's App Exchange

πŸ“– Improve your playbooks following the official documentation


πŸš€ Improve your Incident Response with the VirusTotal integration

Logpoint SOAR

πŸš€ Configure the VirusTotal integration in your Logpoint instance

πŸ“– Check some playbook examples using VT such as email investigation or phishing response

Securonix SOAR

πŸš€ Automate secops connecting the VirusTotal integration

Rapid7 InsightConnect

πŸš€ Install the VirusTotal and VirusTotal YARA extensions to improve and automate your detection

πŸ“– Empower your playbooks using VirusTotal intelligence


πŸš€ Cortex analyzer allowing you to enrich and scan any IoC kind

Fortinet FortiSOAR

πŸš€ See VirusTotal standard connector

πŸš€ See VirusTotal Premium connector

πŸ“– Read the pertinent connector documentation.

πŸ“Ί See how VirusTotal can supercharge phishing response in conjunction with FortiSOAR.

SIEM/XDR/TDR/Security Analytics Platforms


πŸš€ Contact us to empower Chronicle with VirusTotal Intelligence

πŸ“– Learn about the advantages of combining Chronicle and VirusTotal

VT4SPlunk, the official VirusTotal Splunk Integration

πŸš€ Start unearthing threats, vulnerabilities and Threat Actors from your Splunk events

πŸ“– Learn about the insights VT4Splunk is going to bring to your Splunk

πŸ“Ί Watch how to set it up and how it looks

Microsoft Sentinel

πŸš€ Activate the VirusTotal connector from the Sentinel marketplace

πŸ“– Check what the VirusTotal connector is capable of

πŸ“Ί Create playbooks using VirusTotal reports

ℹ️ Automate your Sentinel incident triage

Palo Alto Cortex XDR

πŸš€ Configure the VirusTotal Threat Intel integration following the official guide

πŸ“– Investigate Incident key assets and artifacts

Cisco SecureX

πŸš€ Follow these steps to integrate VT with SecureX

πŸ“Ί Start enriching your indicators with VirusTotal

IBM Qradar

πŸš€ Get the latest VT Integration for Qradar from IBM's App Exchange

πŸ“– Enrich your IOCs in Qradar following the official documentation

Securonix Snypr

πŸš€ Contact us to get an API key to configure automatic response with VirusTotal

πŸ“– Run enhanced playbooks


πŸš€ Configure the VirusTotal integration in your Logpoint instance

πŸ“– Enhance your threat hunting with VirusTotal + Logpoint


πŸš€ Follow these steps to configure the VT integration

πŸ“– Learn how the VirusTotal integration can be used for scanning files

ℹ️ Detect and remove malware

Fortinet FortiSIEM

πŸš€ Follow these steps to configure the VT integration

EDRs / EPPs / Nextgens / AVs / Endpoint Agents


πŸš€ Get the official VirusTotal integration!

πŸ“– Understand how VirusTotal enhances your experience in Crowdstrike

πŸ“Ί Watch how to augment your Incident Response

ℹ️ Use VirusTotal to automate your SOC workflow

McAfee / Trellix

πŸš€ Create and import a malicious file hash feed

πŸš€ Enhance your Threat Intelligence Exchange server with VirusTotal enrichment


πŸš€ When investigating a file, send it to VirusTotal to gather context

πŸ“Ί Watch how to use VirusTotal as a second opinion


πŸš€ Overlay IoC reputation for processes and other artifacts recorded by Tanium

πŸ“Ί Watch how to identify risk in your Enterprise by checking Tanium data against VirusTotal

TIP Platorms


πŸš€ Get the VirusTotal import module

πŸ“– Check how to export and import VT Collections to MISP to empower your investigation!

Anomali Threatstream

πŸš€ Find the VirusTotal threat analysis tool in Anomali's marketplace

πŸ“– Learn how to set the VT integration up and what capabilities it offers

Email gateways / Mailbox defense / Phishing email analysis

KnowBe4 Phisher

πŸš€ Enhance your phishing protection with VirusTotal


πŸš€ Follow the guide to automate your Incident Response with VirusTotal

SASE / Secure DNS

Cloudflare One

πŸš€ Use threat intelligence from VirusTotal to create rules within Cloudflare products


πŸš€ Follow these simple steps and enrich your logs

Network perimeter

Broadcom Content Analysis

πŸ“– Supercharge malware analysis by activating the VirusTotal service



πŸš€ Generate hash values for all tagged files and send the hash value to VirusTotal for scoring

Productivity Suites

Google Workspace Alert Center

πŸš€ View VirusTotal reports from the alert center

πŸ“– Check how VirusTotal enriches your alerts

ℹ️ Gmail events are also enriched with VirusTotal!


Is your platform missing?

This list is not exhaustive, contact us to see if we support it or check VT4Browsers, our pragmatic browser extension that will enrich every indicator displayed in any platform!