> For the complete documentation index, see [llms.txt](https://help.radiantsecurity.ai/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://help.radiantsecurity.ai/radiant-connectors/threat-intelligence-hub/connect-your-own-threat-intelligence/virustotal.md).

# VirusTotal

{% hint style="info" %}
VirusTotal is a client TIS (cTIS) provider. Connecting it adds VirusTotal results to the **Reputation and threat intel** section of the artifact panel during Radiant AI triage. See [Connect your own threat intelligence](/radiant-connectors/threat-intelligence-hub/connect-your-own-threat-intelligence.md) for background on cTIS.
{% endhint %}

VirusTotal is a multi-engine threat intelligence service that analyzes files, URLs, domains, and IPs against 70+ antivirus engines.&#x20;

Once connected, VirusTotal enriches file hash, URL, domain, and IP artifacts during Enrichment.

### Prerequisites

* [ ] You have an active VirusTotal account.&#x20;
* [ ] You know which VirusTotal license tier your account uses (public or premium).

### Create an API key

To create a VirusTotal API key:

1. Sign in to [VirusTotal](https://www.virustotal.com/gui/sign-in).
2. Open your profile menu in the top-right corner and select **API key**.&#x20;

<div align="left"><figure><img src="/files/S5Rikg8ipCUgZUNE4kFa" alt="" width="252"><figcaption></figcaption></figure></div>

3. Reveal and copy the API key (it may be masked by default; click the eye icon to display it). You will paste it into Radiant in the next section.

<figure><img src="/files/OyhVozSCH5uTOSkPEaMF" alt=""><figcaption></figcaption></figure>

### Add VirusTotal to Radiant

{% stepper %}
{% step %}

#### Open the Credentials page

In Radiant, go to **Settings → Credentials**.
{% endstep %}

{% step %}

#### Add a new credential

Click **+ Add Credential**. The Add Credential modal opens to the **Credential Type** step.
{% endstep %}

{% step %}

#### Select VirusTotal

In the **Credential Type** step, select **VirusTotal**. The modal advances to the **Configure** step.
{% endstep %}

{% step %}

#### Configure the credential

Fill in the three fields:

* **Credential Name**: a descriptive name. Use something that identifies the credential's owner or purpose if your team will manage more than one.
* **API Key**: paste the API key you copied above.
* **License Type**: select **public** for free-tier keys or **premium** for paid subscriptions. The info icon next to each option describes what each tier covers.
  {% endstep %}

{% step %}

#### Save the credential

Save the credential. From this point, every triage automatically includes VirusTotal results alongside Radiant's rTIS built-in feeds.
{% endstep %}
{% endstepper %}

### Verify VirusTotal is active

After connecting, the feed is queried on the next triage with an applicable artifact.

To confirm:

1. Open any alert triaged after you saved the credential.
2. Select an applicable artifact (e.g., a file hash).
3. In the artifact panel, scroll to the **Reputation and threat intel** section.

Results from VirusTotal appear as cards with your tenant name on the sub-label line.

<figure><img src="/files/LfS4oZSBjP3h9Ngixl0h" alt=""><figcaption></figcaption></figure>

Click the icon in the top-right corner of a VirusTotal card to open the sub-drawer, which includes a **View in VirusTotal** button that opens the matching report on the provider's site.

For more on the card types and how to read them, see [Built-in threat intelligence feeds](/radiant-connectors/threat-intelligence-hub/built-in-threat-intelligence-feeds.md).


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://help.radiantsecurity.ai/radiant-connectors/threat-intelligence-hub/connect-your-own-threat-intelligence/virustotal.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.