Missing function Virus Total check

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Missing function Virus Total check

L4 Transporter

Hello dear community, 

 

since today we are missing the point of departure virustotal in the APP GUI.

It is not possible to launch this function in the incident anymore. Except via Quick Launcher. Is this a bug or a feature?

 

RFeyertag_0-1659963855040.png

 

BR

 

Rob

 

1 accepted solution

Accepted Solutions

L3 Networker

Hi @RFeyertag 
Just crossing through this question, felt like you still need help on this query.

From XDR 3.4 version, Virus total option will not be displayed in Key Assets and Artifacts section. It will appear only when you have integrated the virus total with API key in XDR Settings as per below article.

https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/investigation-and-response/...

I hope that answers your query.
Please mark this as solution if you find it helpful.
Thank you!

View solution in original post

10 REPLIES 10

L3 Networker

Hi @RFeyertag,

 

Looking into the picture you've sent it doesn't look like you have a proper result from Virustotal and that option will be hidden by default.

 

Thanks,

Silviu

Silviu-Mihail Dascalu

Hello Silviu, 

 

i forgot to mention, that we have not connected virustotal through API. Before 3.4 it was possible to fire the virustotal hashcheck through clicking on VT unknown. Then it opened the Virustotal page. 

Is this change somewhere documented?

BR

 

Rob

L3 Networker

No, I couldn't find a change being documented so after talking with our Product Management team they have suggested to create a support ticket with our Customer Support team.

Silviu-Mihail Dascalu

L2 Linker

I noticed the same issue, the Virustotal link is gone from the "Key Assets and Artifacts" view. It is still available in the QuickLauncher menu which is another extra step to investigate a suspicious file. 

Hi have you checked if you have the VT key properly configured ? KR Luis

L3 Networker

my VT is now back today... except It won't let me click on it to hyperlink me to the VT site. yesterday it was missing I have not changed anything.

Hey @PeteJacobCF : still no changes, hosted in GER. 

L3 Networker

Hi @RFeyertag 
Just crossing through this question, felt like you still need help on this query.

From XDR 3.4 version, Virus total option will not be displayed in Key Assets and Artifacts section. It will appear only when you have integrated the virus total with API key in XDR Settings as per below article.

https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/investigation-and-response/...

I hope that answers your query.
Please mark this as solution if you find it helpful.
Thank you!

OK thank you! Do have customers Setup this VT API, even if they do not have an paid VT account? 

 

BR

 

Rob

L3 Networker

@Cyber1985 
No, I believe its not possible.
Refer below for more details.
https://developers.virustotal.com/reference/overview#search

https://support.virustotal.com/hc/en-us/articles/115002119845-What-is-the-difference-between-the-pub...

I hope that answers your query.
Please mark this as solution if you find it helpful.
Thank you!

  • 1 accepted solution
  • 3258 Views
  • 10 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!