VirusTotal App for Splunk is a custom search command that lets analysts validate the reputation of file hashes (MD5, SHA-1, SHA-256) directly from Splunk by querying VirusTotal's file report API. Suited to threat hunting, alert enrichment, and IOC investigations, this lightweight app integrates with Splunk Enterprise and Splunk Cloud to provide real-time access to threat intelligence. Because it looks up existing reports by hash, no files are uploaded to VirusTotal and no new scans are triggered.

Key Features

- Queries the VirusTotal file report API based on file hashes
- Supports MD5, SHA-1, and SHA-256 hash formats
- Shows information such as file names, extensions, categorizations, tags, detection details by antivirus engines, and much more
- Supports configuring the VirusTotal API key through a user-friendly interface
- Custom SPL command that is easy to integrate into searches
- Public and private API key support
- Designed to work efficiently within automated alert enrichment pipelines
- Fully compatible with Splunk Enterprise and Splunk Cloud