08-08-2022 06:05 AM
Hello dear community,
since today we are missing the point of departure virustotal in the APP GUI.
It is not possible to launch this function in the incident anymore. Except via Quick Launcher. Is this a bug or a feature?
BR
Rob
08-20-2022 07:27 AM
Hi @RFeyertag
Just crossing through this question, felt like you still need help on this query.
From XDR 3.4 version, Virus total option will not be displayed in Key Assets and Artifacts section. It will appear only when you have integrated the virus total with API key in XDR Settings as per below article.
https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/investigation-and-response/...
I hope that answers your query.
Please mark this as solution if you find it helpful.
Thank you!
08-08-2022 06:16 AM
Hi @RFeyertag,
Looking into the picture you've sent it doesn't look like you have a proper result from Virustotal and that option will be hidden by default.
Thanks,
Silviu
08-08-2022 07:15 AM
Hello Silviu,
i forgot to mention, that we have not connected virustotal through API. Before 3.4 it was possible to fire the virustotal hashcheck through clicking on VT unknown. Then it opened the Virustotal page.
Is this change somewhere documented?
BR
Rob
08-08-2022 10:08 AM
No, I couldn't find a change being documented so after talking with our Product Management team they have suggested to create a support ticket with our Customer Support team.
08-09-2022 12:28 AM
I noticed the same issue, the Virustotal link is gone from the "Key Assets and Artifacts" view. It is still available in the QuickLauncher menu which is another extra step to investigate a suspicious file.
08-09-2022 02:49 AM
08-09-2022 04:57 AM
my VT is now back today... except It won't let me click on it to hyperlink me to the VT site. yesterday it was missing I have not changed anything.
08-09-2022 06:16 AM
Hey @PeteJacobCF : still no changes, hosted in GER.
08-20-2022 07:27 AM
Hi @RFeyertag
Just crossing through this question, felt like you still need help on this query.
From XDR 3.4 version, Virus total option will not be displayed in Key Assets and Artifacts section. It will appear only when you have integrated the virus total with API key in XDR Settings as per below article.
https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/investigation-and-response/...
I hope that answers your query.
Please mark this as solution if you find it helpful.
Thank you!
08-21-2022 03:22 PM
OK thank you! Do have customers Setup this VT API, even if they do not have an paid VT account?
BR
Rob
08-21-2022 07:30 PM
@Cyber1985
No, I believe its not possible.
Refer below for more details.
https://developers.virustotal.com/reference/overview#search
https://support.virustotal.com/hc/en-us/articles/115002119845-What-is-the-difference-between-the-pub...
I hope that answers your query.
Please mark this as solution if you find it helpful.
Thank you!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
