# The VirusTotal Module

The VirusTotal Module monitors your yara-rules for you and alerts you of any new hits. Just fill in your API key and Liberty91 will do the rest. Note that Liberty91 will consume a maximum of 2,976 API-calls per month.

{% hint style="info" %}
Find your API-key by going to <https://www.virustotal.com/>, then click on your username in the topright of the screen, and select API-key in the drop-down menu.&#x20;

<img src="/files/Hx4zRRnLQXtuieXKrf6n" alt="Click on API-key" data-size="original">

You will be able to see your API-key use here. Your actual key is blurred, but you can unblur by clicking on the eye. You don't actually need to though: just click on the 'copy' icon next to the eye icon, and it will be stored in your clipboard.

<img src="/files/09P3IkO5FiR0vRp86i1L" alt="" data-size="original">

Next, go to <https://platform.liberty91.com/modules> and select the VirusTotal Module from the Collection Modules.
{% endhint %}

For this module to work effectively, you should create yara-rules in the VirusTotal Platform, and let Liberty91 do the monitoring for you. To automatically link any events to entities in the threat library, the title or an alias of that threat entity should be included in the rule name. For example, if ‘APT34’ is mentioned in the rule, it will automatically be linked to the appropriate threat actor. You can find more information about creating YARA-rules in VirusTotal [HERE](https://support.virustotal.com/hc/en-us/articles/9853517705117-Crowdsourced-YARA-rules-dashboard).

<figure><img src="/files/7d7AgWoFVTCuiGXfG2e7" alt="" width="375"><figcaption></figcaption></figure>

Now any future hits on any of your LiveHunts will be imported as an event into Liberty91.

If you also want to import Threat Intelligence reports (recommended!), please use the [Google Threat Intelligence Module](/modules/collection-modules/the-google-threat-intelligence-module.md).


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.liberty91.com/modules/collection-modules/the-virustotal-module.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.