searchInVirusTotal

searchInVirusTotalAction(parsers={}, supportedType={'ip', 'domain', 'md5', 'sha1', 'sha256'}, complex_param=DEFAULT_PARAMS)

Bases: actionInterface

Searches IP addresses, domains, and MD5, SHA1 and SHA256 hashes with the VirusTotal API. Results are returned in JSON format. The configuration should be passed in the config file.

One parameter can be passed:

- `Relationships`: a list of relationships to query. Be careful: each additional relationship consumes an API credit. For each observable, results are added under the `$.data.<relationship_name>` key, so specific fields of a relationship can be retrieved with `$.relationships.relationship_name.<path>` thanks to the `Analysis fields` parameter.

A configuration is needed:

```yaml
VirusTotal:
- api_key: <VT API Key>
```
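The sketch below is an added example, not the project's own code. It shows how each supported observable type maps onto a VirusTotal API v3 lookup and how the `Relationships` list ends up in the request. `build_vt_request` and its return shape are hypothetical names; the lookup count follows this page's statement that each additional relationship consumes a credit.

```python
import re
from urllib.parse import quote, urlencode

VT_BASE = "https://www.virustotal.com/api/v3"
# Observable type (as named on this page) -> VirusTotal v3 collection.
COLLECTIONS = {"ip": "ip_addresses", "domain": "domains",
               "md5": "files", "sha1": "files", "sha256": "files"}
HASH_LEN = {"md5": 32, "sha1": 40, "sha256": 64}


def build_vt_request(obs_type, value, api_key, relationships=()):
    """Return (url, headers, lookups) for one observable, without sending it."""
    if obs_type not in COLLECTIONS:
        raise ValueError(f"unsupported observable type: {obs_type}")
    value = value.strip().lower()
    # Reject malformed hashes locally instead of spending a lookup on them.
    if obs_type in HASH_LEN and not re.fullmatch(
            r"[0-9a-f]{%d}" % HASH_LEN[obs_type], value):
        raise ValueError(f"{value!r} is not a valid {obs_type}")
    # Drop duplicates (order kept) so no relationship is requested twice.
    rels = list(dict.fromkeys(r.strip() for r in relationships if r.strip()))
    # Percent-encode the observable: it may come from untrusted text and
    # must not be able to alter the request path.
    url = f"{VT_BASE}/{COLLECTIONS[obs_type]}/{quote(value, safe='')}"
    if rels:
        url += "?" + urlencode({"relationships": ",".join(rels)}, safe=",")
    headers = {"x-apikey": api_key, "accept": "application/json"}
    # Assumption taken from this page: one lookup plus one per relationship.
    return url, headers, 1 + len(rels)


if __name__ == "__main__":
    # Constructed sample input; the key is a placeholder.
    url, headers, lookups = build_vt_request(
        "domain", "example.com", "<VT API Key>",
        ["resolutions", "communicating_files"])
    print(url, lookups)
```

Estimating the lookup count before sending anything makes it easy to cap how many credits a batch of observables can consume.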