Liberty91 Documentation
Modules
HomeWhat is Liberty91?Getting StartedTutorialsDashboardsModulesThe Threat LibraryCompany Clusters
Modules
HomeWhat is Liberty91?Getting StartedTutorialsDashboardsModulesThe Threat LibraryCompany Clusters
  • Getting Started with Modules
  • The News Module
  • The Telegram Module
  • The Mandiant Module
  • The CrowdStrike Module
  • The Group-IB Module
  • The X (twitter) Module
  • The VirusTotal Module
  • The PassiveTotal Module
  • The FractalScan Module
  • The MISP Module
Powered by GitBook
On this page

The VirusTotal Module

You need a paid VirusTotal subscription to use this module.

PreviousThe X (twitter) ModuleNextThe PassiveTotal Module

Last updated 10 months ago

The VirusTotal Module monitors your yara-rules for you and alerts you of any new hits. Just fill in your API key and Liberty91 will do the rest. Note that Liberty91 will consume a maximum of 2,976 API-calls per month.

You can find your API-key by logging into VirusTotal and click on your name in the top-right of the screen. Your API-key will be available by clicking on “API-key” in the drop-down window.

For this module to work effectively, you should create yara-rules in the VirusTotal Platform, and let Liberty91 do the monitoring for you. To automatically link any events to entities in the threat library, the title or an alias of that threat entity should be included in the rule name. For example, if ‘APT34’ is mentioned in the rule, it will automatically be linked to the appropriate threat actor. You can find more information about creating YARA-rules in VirusTotal HERE.