API Reference

Retrieve historical events about your software collection

get https://www.virustotal.com/api/v3/monitor/events

This endpoint returns historical information about your stored files, including creation, deletion, detections, and clean-ups.

A dictionary with data, links, and meta properties is received.

Events will be listed in dictionary format with the following fields:

Field NameDescriptionPossible Values
actionA keyword describing the action that the event is describingCLEAN
COMMENT
DELETE
DETECTED
UPLOAD
RESOLVED
creator_idUsername. Who uploaded the file.
detailsA list of strings detailing current and previous engine verdicts.Composed of four parts with a ':' separator:

engine
current | last
signature | update | version | malicious | visible


For example:
engine:current:update:20191016
engine:last:signature:
levelSeverity level for the event.0 (lowest) to 4 (highest)
monitor_keyThe key of the monitor item.
owner_idThe group that owns the monitor item.
plaintext_descriptionA space-separated collection of keywords containing sha256, detecting engines, and file names.Not always present
sourceThe action originating or triggering this event.ANALYSIS
FILE
QUOTA
subjectIf applicable, the SHA256 of the file.
timestampTimestamp in the format YYYYMMDDTHH:mm:ss
{
  "data": [
    {
      action: "CLEAN",
      creator_id: "wcoyote",
      details: [
        {
          "v": "engine:current:clean"
        }
      ],
      level: "1",
      monitor_key: "abcdcdcedef928492384==",
      owner_id: "monitor_group_here",
      plaintext_description: "",
      source: "FILE",
      subject: "sha256_here",
      timestamp: "2019-12-31T23:58:58",
    },
    {
      action: "DETECTED",
      creator_id: "wcoyote",
      details: [
        {
          "v": "engine:current:malicious:ENGINE_ONE"
        },
        {
          "v": "engine:current:malicious:ENGINE_TWO"
        },
      ],
      level: "1",
      monitor_key: "abcdcdcedef928492384==",
      owner_id: "monitor_group_here",
      plaintext_description: "ENGINE_ONE <sha256> <filename>",
      source: "ANALYSIS",
      subject: "sha256_here",
      timestamp: "2019-12-31T23:58:58",
    }
  ],
  "links": {
  	"next": "https://www.virustotal.com/api/v3/monitor/events?cursor=ABCDE123456%3D%3D",
    "self": "https://www.virustotal.com/api/v3/monitor/events"
  },
  "meta": {
  	"cursor": "ABCDE123456==",
    "job_id": "foobar"
  }
}
Language
Click Try It! to start a request and see the response here!