Ctrlk
ProductBook a demoOpen app
linkedinyoutube

VirusTotal

Connect VirusTotal to Radiant as client TIS (cTIS) so file, URL, domain, and IP results enrich every alert.

VirusTotal is a client TIS (cTIS) provider. Connecting it adds VirusTotal results to the Reputation and threat intel section of the artifact panel during Radiant AI triage. See Connect your own threat intelligence for background on cTIS.

VirusTotal is a multi-engine threat intelligence service that analyzes files, URLs, domains, and IPs against 70+ antivirus engines.

Once connected, VirusTotal enriches file hash, URL, domain, and IP artifacts during Enrichment.

Prerequisites

Create an API key

To create a VirusTotal API key:

  1. Sign in to VirusTotal.

  2. Open your profile menu in the top-right corner and select API key.

  1. Reveal and copy the API key (it may be masked by default; click the eye icon to display it). You will paste it into Radiant in the next section.

Add VirusTotal to Radiant

1

Open the Credentials page

In Radiant, go to Settings → Credentials.

2

Add a new credential

Click + Add Credential. The Add Credential modal opens to the Credential Type step.

3

Select VirusTotal

In the Credential Type step, select VirusTotal. The modal advances to the Configure step.

4

Configure the credential

Fill in the three fields:

  • Credential Name: a descriptive name. Use something that identifies the credential's owner or purpose if your team will manage more than one.

  • API Key: paste the API key you copied above.

  • License Type: select public for free-tier keys or premium for paid subscriptions. The info icon next to each option describes what each tier covers.

5

Save the credential

Save the credential. From this point, every triage automatically includes VirusTotal results alongside Radiant's rTIS built-in feeds.

Verify VirusTotal is active

After connecting, the feed is queried on the next triage with an applicable artifact.

To confirm:

  1. Open any alert triaged after you saved the credential.

  2. Select an applicable artifact (e.g., a file hash).

  3. In the artifact panel, scroll to the Reputation and threat intel section.

Results from VirusTotal appear as cards with your tenant name on the sub-label line.

Click the icon in the top-right corner of a VirusTotal card to open the sub-drawer, which includes a View in VirusTotal button that opens the matching report on the provider's site.

For more on the card types and how to read them, see Built-in threat intelligence feeds.

PreviousConnect your own threat intelligenceNextData Connectors

Last updated

Was this helpful?