Sha256: 4b93b6a799fe3fb2617a5470c9620454dab839584e7fe0641efca1f9c8d8d5f6
Contents?: true
Size: 969 Bytes
Versions: 1
Compression:
Stored size: 969 Bytes
Contents
---
tags:
- IP address
- Domain
- Passive DNS
---
# VirusTotal
- [https://www.virustotal.com](https://www.virustotal.com/gui/home/search)
The analyzer uses VirusTotal API v3.
An API endpoint to use is changed based on a type of a query.
::: top
Note that this analyzer only checks passive DNS data of a given query (domain or IP address).
| Query | API endpoint | Artifact |
| ---------- | ----------------------- | ---------- |
| IP address | `/api/v3/ip_addresses/` | Domain |
| Domain | `/api/v3/domains/` | IP address |
```yaml
analyzer: virustotal
query: ...
api_key: ...
```
| Name | Type | Required? | Default | Desc. |
| ------- | ------ | --------- | ------------------------- | -------------------- |
| query | String | Yes | | Domain or IP address |
| api_key | String | No | ENV[ā€¯VIRUSTOTAL_API_KEY"] | API key |
Version data entries
1 entries across 1 versions & 1 rubygems
| Version | Path |
|---|---|
| mihari-5.4.5 | docs/analyzers/virustotal.md |