VT Alerts
Alerts allows you to receive notifications on additions and changes in the VirusTotal dataset.
We currently support the following types of alerts:
- Domain alerts
- IP-based alerts
- Brand-based alerts
- Detection Categories
- Use-Case Categories and Detection Categories
Domain alerts
Based on your domain, we’ll monitor events that involve your domain, or any of the URLs under it.
These include:
- Domain has positives
- URL under the domain has positives
- Domain was found in the raw binary body of a file with positives
- A file with positives is communicating with this domain, or with a URL under it
- A file with positives was downloaded from a URL in this domain
- Domain was found as a subdomain of another domain or URL with positives (subdomain abuse)
- Another domain is potentially typosquatting this domain
IP-based alerts
Based on your IP address or range, we’ll monitor events that involve those.
These include:
- IP in the range provided has positives
- URL/Domain resolving to an IP in the range has positives
- IP in the range was found in the raw binary body of a file with positives
- A file with positives is communicating with an IP in the range
- A file with positives was downloaded from an IP in the range
Brand-based alerts
Based on the domain for your brand, and optionally, custom HTML or strings, we’ll monitor events involving those.
These include:
- Similar favicons to your domain’s are used in URLs with positives
- Strings/HTML snippets you provided are found in URLs with positives
All the notifications have the following properties:
- Date and time of match
- Severity
- Type of entity the notification is about (IPs, Domains, URLs, and Files)
- Detection category of the event
- Use-Case category of the event
Detection Categories
Available detection categories are:
- Brand Matching
- Detected Domain
- Detected IP
- Detected URL
- Domain Typosquatting
- Favicon Reuse
- File communicating with Domain
- File communicating with IP
- File communicating with URL
- File downloaded from Domain
- File downloaded from IP
- File downloaded from URL
- Pattern found in raw binary body of file
- Subdomain Abuse
Use-Case Categories and Detection Categories
These are the available use-case categories, with the matching detection categories:
- Corporate Infrastructure Abuse
  Which includes the following detection categories:
  - Detected domains
  - Detected IPs
  - Detected URLs
  - Detected (domain/URL) in IP range
  - Downloaded files
  - Communicating files
- Phishing & Counterfeiting
  Which includes the following detection categories:
  - Domain Typosquatting
  - Icon Reuse
  - Subdomain Abuse
- Brand Impersonation
  Which includes the following detection categories:
  - Icon Reuse
  - String/HTML matches
- Potential False Positives
  Which includes the following detection categories:
  - Detected domains, IPs, URLs with just 1 positive