VirusTotal Integration
Overview
VirusTotal integration provides automated threat detection for monitored platforms. The system periodically scans platform URLs using the VirusTotal API, analyzes results from multiple antivirus vendors, and automatically generates alerts when threats are detected.
Configuration Setup
API Configuration
Required Settings:
-
API Key - VirusTotal authentication key
-
Scan Frequency - Automated scanning interval (configurable)
-
Available Scan Frequencies: - 1 to 7 days
Configuration Steps:
-
Navigate to Config > Integration and click VirusTotal’s configure button (https://oju.example.com/config/integrations)
-
Enter valid VirusTotal API key
-
Select desired scan frequency
-
Activate integration
Scanning Operations
Automated Scanning Process
Scan Execution:
-
Periodic scanning based on configured frequency
-
All active platforms included in scan cycle
-
Sequential processing with rate limiting
-
Comprehensive vendor analysis collection
Scan Workflow:
-
Retrieve list of active platforms
-
Submit URLs to VirusTotal API
-
Collect multi-vendor analysis results
-
Process threat detection responses
-
Generate alerts for detected threats
Antivirus Vendor Management
Local Vendor Database
Vendor Information Storage:
-
Name - Antivirus vendor name (case-sensitive)
-
Contact - Primary contact information
-
Comments - Additional notes and details
Critical Requirement:
-
Vendor names must match VirusTotal exactly (case-sensitive)
-
Missing vendors result in limited alert information
-
Regular database updates recommended
-
Accurate vendor contact information essential
Database Management:
-
Navigate to Vendor
-
Add new vendor with exact name matching VirusTotal
-
Include complete contact information
-
Verify case-sensitive name accuracy
-
Save vendor information for alert enrichment
VirusTotal integration enhances Oju security monitoring by providing automated threat detection, comprehensive vendor analysis, and coordinated incident response for security threats across monitored platforms.