topic Re: Integrating VirusTotal with Cortex XDR in Cortex XDR Discussions

Integrating VirusTotal with Cortex XDR

arjun_weeknd — Mon, 27 Mar 2023 08:25:24 GMT

Hi Guys,
In the Artifacts section we are not able to see the VT Score . For this we are manually copying the IP's , Hashes & viewing in the Virustotal console.
Got to know we need to configure the API key but the concern is what data does Cortex XDR submit to VT ?
only hashes , IP's or it will upload the entire file ?
What are the precautions/best practices we need to take & does Cortex submits any sensitive data to Virustotal ?

Re: Integrating VirusTotal with Cortex XDR

fmoixsante — Mon, 27 Mar 2023 13:14:39 GMT

Hi @arjun_weeknd,

Cortex XDR does not upload any information to Virus Total. Cortex XDR does exactly what you do, query VT for hash, domain, ip, etc and shows you the result, if any, for each of the artifacts in the XDR incident.

Re: Integrating VirusTotal with Cortex XDR

VRubio — Tue, 03 Feb 2026 10:49:14 GMT

The issue with the Cortex XDR and VirusTotal integration is that Cortex queries VirusTotal for all IOCs (hashes, URLs, and domains) — including internal ones.
As a result, internal server names can end up being publicly visible on VirusTotal. Palo Alto Networks support has confirmed this behavior.

Re: Integrating VirusTotal with Cortex XDR

T.Nurmi — Wed, 18 Mar 2026 11:43:33 GMT

Is there any updates for this behavior> internal names can end up...

Re: Integrating VirusTotal with Cortex XDR

VRubio — Wed, 18 Mar 2026 18:13:11 GMT

The issue number you can follow with Cortex support is CRTX-225799.