Sha256: b979d0d454d6879ef3a20f32431090a57566672c03dcb25847d13bab9b605fff
Contents?: true
Size: 912 Bytes
Versions: 1
Compression:
Stored size: 912 Bytes
Contents
---
tags:
- IP address
- Domain
- Passive DNS
---
# VirusTotal
- [https://www.virustotal.com](https://www.virustotal.com/gui/home/search)
This analyzer uses VirusTotal API v3.
An API endpoint to use is changed based on a type of a query.
::: top
Note that this analyzer only checks passive DNS data of a given query (domain or IP address).
| Query | API endpoint | Artifact |
| ---------- | ----------------------- | ---------- |
| IP address | `/api/v3/ip_addresses/` | Domain |
| Domain | `/api/v3/domains/` | IP address |
```yaml
analyzer: virustotal
query: ...
api_key: ...
```
## Components
### Analyzer
`analyzer` (`string`) should be either of `virustoal` and `vt`.
### Query
`query` (`string`) is a passive DNS search query. Domain or IP address.
### API Key
`api_key` (`string`) is an API key. Optional. Defaults to `ENV[ā€¯VIRUSTOTAL_API_KEY"]`.
Version data entries
1 entries across 1 versions & 1 rubygems
| Version | Path |
|---|---|
| mihari-5.6.0 | docs/analyzers/virustotal.md |