lhs-panel Click here to expand


Note: VirusTotal is one of the largest live threat feeds that consolidates risk scores of IPs, URLs, Domains, and files from a wide range of security vendors. This integration in EventLog Analyzer follows the Bring Your Own Key(BYOK) model. If you have bought VirusTotal access separately, you can use your API key and analyze threat sources in EventLog Analyzer.


Once you have purchased the Advanced Threat Analytics add-on and applied the license, head to the Advanced Threat Analytics page.

Navigation: Settings → Admin Settings → Management→ Threat Feeds→Advanced Threat Analytics → VirusTotal → Integrate


To get the API key:

  1. Visit https://www.virustotal.com and sign up for a VirusTotal account.
  2. Sign in to VirusTotal and find your API key and go to your Username→ Settings→API Key.
  3. Use the API Key provided by VirusTotal for integrating with EventLog Analyzer.
  4. virustotal

  5. Paste the API key and click on Connect to finish configuring VirusTotal.
  6. virustotal


In EventLog Analyzer, users can access the data from VirusTotal through the Incident Workbech. Learn how to invoke the Incident Workbench from different dashboards of EventLog Analyzer.


Select any IP, URL, or Domain to analyze in the Workbench. You can access the following data:

  • VirusTotal Info

    This section contains the Detection Score of the Threat Source, which is the number of security vendors who have flagged the source as risky out of all the security vendors. Along with this, the basic details and the geo info of the Threat Source are also available.



    Click on the search icon in the top left corner to filter based on Security Vendor, Analysis Category, and Analysis Result.


    Here are the Analysis Categories:

    • Malicious
    • Suspicious
    • Harmless
    • Undetected
    • Timeout


  • Whois Info

    This section contains the Whois information of the threat source domain.


  • SSL Certificate

    This section contains details of the SSL certificate issued to the Threat Source and who issued it.


  • Related Files

    This section maps the relationship of the files to the IP address in following ways:

    • Files communicating with the IP address
    • Files downloaded from the IP address
    • Files containing the IP address



  • Resolutions

    This section is the past and current IP resolutions for a particular domain.


Copyright © 2020, ZOHO Corp. All Rights Reserved.

Get download link