The VirusTotal Scan URL action iterates over the selected scope
entities, and initiates a request to VirusTotal for each entity whose type is
URL. When finished, the action enriches the URL entities with a VirusTotal
report and also posts the result on the case wall.
An is_risky value is exposed so that you can add further
conditions to the playbook for high-risk URLs. For details on how to use the
Scan Hash action to scan file hashes with VirusTotal, mark entities as
suspicious, and show insights, see the Scan Hash
action for VirusTotal.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-19 UTC."],[],[],null,[]]
