Viewing information from VirusTotal

Use Chronicle's integration with VirusTotal to pivot from finding domains linked to an asset in Chronicle to launching VirusTotal Graph for further investigation.

VirusTotal Graph is a visualization tool built on top of the VirusTotal data set. It analyzes the relationships between files, URLs, domains, IP addresses, and other items encountered. VirusTotal Graph helps to illustrate the interconnections between potentially malicious domains and the assets within your enterprise.

To launch VirusTotal Graph from Chronicle:

  1. Search for an asset and pivot to Asset view in the Chronicle user interface.

  2. Click the DOMAINS sidebar list.

    VirusTotal Graph investigates up to the first 50 domains listed on the DOMAINS sidebar. You can adjust the number of domains listed using either the Prevalence or Time sliders.

  3. Click the three-dot menu icon, and then click VirusTotal Graph to display the graph (see the following figure).

    [Figure: VirusTotal Graph icon in Chronicle]

    [Figure: VirusTotal Graph]