An Alerts Event describes an interaction, event, or relationship seen anywhere in VirusTotal.
It will contain one and only one of the following properties:
-
url_sighting: Describes an Event noticing an URL in VirusTotal. Contains the following properties:url: <UrlEntity> The URL observed.domain: <DomainEntity> The Domain the URL is in.resolutions: <list of IpEntity> The IPs the domain resolves to.embedded_in_file: <FileEntity> The File that contains the URL in the raw binary body (embedded).
-
file_download: Describes an Event noticing a file being downloaded. Contains the following properties:from_url: <UrlEntity> The URL from where the file was downloaded.from_domain: <DomainEntity> The Domain from where the file was downloaded.resolutions: <list of IpEntity> The IPs the URL resolves to.downloaded_file: <FileEntity> The File that was downloaded.
-
file_contacting: Describes an Event noticing a file contacting or calling an URL, Domain, or IP. Contains the following properties:file_contacting: <FileEntity> The file contacting.url_contacted: <UrlEntity> The URL contacted.ip_contacted: <IpEntity> The IP address contacted.domain_contacted: <DomainContacted> The Domain contacted.
-
domain_sighting: Describes an Event noticing a Domain in VirusTotal. Contains the following properties:domain: <DomainEntity> The Domain observed.resolutions: <list of IpEntity> The IPs the domain resolves to.embedded_in_file: <FileEntity> The File that contains the domain embedded in.
-
domain_whois: Describes an Event noticing WHOIS information. Contains the following properties:domain: <DomainEntity> The Domain observed.info: <string> The WHOIS information.
-
ip_sighting: Describes an event noticing an IP address in VirusTotal. Contains the following properties:ip: <IpEntity> The IP address observed.embedded_in_file: <FileEntity> The File that contains the IP address in the raw binary body (embedded).