Build a Champion SOC with Best in Class Threat Intelligence from VirusTotal and Cortex XSOAR

Feb 08, 2022

The quest to best protect an organization requires several top-of-the-line weapons for an analyst to wield. To handle the daily torrent of alerts and threats, security teams need access to the sharpest, most up-to-date threat intelligence to supply the critical missing context on files, URLs, domains, and more. Unfortunately, security teams rarely have the time or resources to maintain a full arsenal of rich, ingestible intelligence.

To provide security teams with the best tools to combat threat actors, VirusTotal and Cortex XSOAR are excited to streamline threat intelligence through the Cortex XSOAR Marketplace. As one of the largest threat intelligence services in the world, VirusTotal is expanding its research, enrichment, and malware hunting capabilities to the industry-leading security automation, orchestration, and response platform. This provides mutual customers with easily searchable crowdsourced intelligence directly within the award-winning platform for unified case management, automation, and real-time collaboration.

With one-click installation, your security team can easily and accurately pull the necessary context to eradicate threats in your system. Subscribe to VirusTotal from the XSOAR Marketplace to access the VirusTotal API directly for important context regarding your incident response and alert management. With powerful orchestration from Cortex XSOAR, your SOC can create custom threat feeds and very easily plug them straight into your security stack to search for both current and retroactive breaches.

VirusTotal offers four content packs, each with a monthly allotment of lookups. Starter gives 5,000 lookups per month, Respond gives 150,000, Enrich gives 1 million, and Triage gives 100 million. Leverage these powerful solutions to seamlessly enrich your alerts with cost-effective confidence. Furthermore, detection is driven by the real-time view of the threat landscape as seen by VirusTotal, powered by millions of users each month. This unparalleled enrichment provides confident, accurate context for unrivaled global visibility into threats.

Let’s take a look at why these packs are critical for your security program.

With Cortex XSOAR as your champion and VirusTotal as the sharpened blade, your SOC will decimate threats and reduce analyst strain. Together, VirusTotal and Cortex XSOAR enable your security and IT teams to discover context and solve incidents in a cost-effective way. VirusTotal’s platform integrates intelligence from more than 100 different security vendors for incident response, forensic analysis, advanced hunting, and more.

The VirusTotal content packs enable you to:

  • Orchestrate custom threat feeds through Cortex XSOAR to perform live detection and launch retroactive threat hunts from your SIEM or historical log archives.
  • Leverage improved and early detection with crowdsourced threat reputation for files, domains, IPs, and URLs.
  • Streamline your alert triage process with prioritized SOC alerts based on severity and threat categories.
  • Inform your EDR platform by feeding it highly relevant and undetected threats identified by VirusTotal YARA.

Learn More

Check out the four VirusTotal content packs to discover which one is right for you. You can also try one for free through the Cortex XSOAR Marketplace platform.

New to Cortex XSOAR? Download the Community Edition to discover how VirusTotal and XSOAR can work for you!
