Skip to main content
Skip table of contents

VirusTotal v3

LAST UPDATED: AUG 5, 2025

Overview

VirusTotal is a threat intelligence platform that can aggregate multiple antivirus products and online scan engines to check for viruses that a user's antivirus may have otherwise missed, or verify against any false positives. VirusTotal API version 3 is now the default and the recommended method to integrate and interact with VirusTotal. It greatly improves API version 2, which, for the time being, will not be deprecated. The new version has improved greatly compared to the version 2 of the VirusTotal, which is still available for use at the time this document was written. While some of the endpoints and features are provided to users of the public API, many are restricted to premium users only.

D3 SOAR is providing REST operations to function with VirusTotal V3.

VirusTotal V3 is available for use in:

D3 SOAR

V14.0.199.0+

Category

Threat Intelligence

Deployment Options

Option II, Option IV

Known Limitations

VirusTotal’s public API is a free service. Public API constraints and restrictions:

  • The Public API is limited to 500 requests per day and a rate of 4 requests per minute.

  • The Public API must not be used in commercial products or services.

  • The Public API must not be used in business workflows that do not contribute new files.

  • You are not allowed to register multiple accounts to overcome the aforementioned limitations.

Refer to Public vs Premium API from VirusTotal’s documentation for more details about the limitations of the public API compared to the premium API.

Connection

To connect to VirusTotal V3 from D3 SOAR, please follow this part to collect the required information below:

Parameter

Description

Example

Server URL

The VirusTotal server URL.

https://www.virustotal.com

API Key

The VirusTotal API key to authenticate the API connection.

0b5*****8e5

API Version

The API version to use for the API connection.

v3

Permission Requirements

VirusTotal provides both a Public API and a Premium API. The public API is a free service, available for any website or application that is free to consumers. The premium API will be paid, but has no constraints and limitations. D3 SOAR’s commands can have full access to VirusTotal by using Public or Premium APIs, please choose either based on your needs.

The prerequisite for using the API is that you must sign up to the VirusTotal Community. Once you have a valid VirusTotal Community account you will find your personal API key in your personal settings section.

Please refer to Public vs Premium API from VirusTotal’s documentation for more details about the limitations of the public API compared to the premium API.

Configuring VirusTotal V3 to Work with D3 SOAR

Creating a New User Account

  1. Navigate to the VirusTotal signup page at https://www.virustotal.com/gui/join-us.

  2. There are two options to create a new account.

    1. Email Address: Fill in the required fields, agree to the Terms of Service and Privacy Policy, then click Join us.

    2. Continue with Third-Party Account: Select the third-party account you want to use. You will be prompted to sign in to the selected account.

Adding an API Key

  1. Log in to VirusTotal (https://www.virustotal.com/gui/sign-in).

  2. Click on the user profile icon found on the top right corner, then API Key.

  3. Copy the API Key to build a connection with D3 SOAR. VirusTotal allows you to view your API key as many times as you wish. The API key will not change for your account unless you are upgrading to use the premium API key. Click here for more information about VirusTotal’s premium services.

READER NOTE

The API key grants user privileges, Store it securely and never share it.

Configuring D3 SOAR to Work with VirusTotal V3

  1. Log in to D3 SOAR.

  2. Find the VirusTotal V3 integration.

    Frame 6 (22)-20241017-234939.png
    1. Navigate to Configuration on the top header menu.

    2. Click on the Integration icon on the left sidebar.

    3. Type VirusTotal V3 in the search box to find the integration, then click it to select it.

    4. Click + New Connection, on the right side of the Connections section. A new connection window will appear.

  3. Configure the following fields to create a connection to VirusTotal V3.

    Frame 10 (20)-20241017-235005.png

    1. Connection Name: The desired name for the connection.

    2. Site: The site on which to use the integration connection. Use the drop-down menu to select the site. The Share to Internal Sites option enables all internal sites to use the connection. Selecting a specific site will only enable that site to use the connection.

    3. Recipient site for events from connections Shared to Internal Sites: This field is displayed when Share to Internal Sites is selected for the Site field, allowing selection of the internal site for deploying the integration connection.

    4. Agent Name (Optional): The proxy agent required to build the connection. Use the dropdown menu to select the proxy agent from a list of previously configured proxy agents.

    5. Description (Optional): The description for the connection.

    6. Tenant (Optional): When configuring the connection from a master tenant site, users can choose the specific tenant sites with which to share the connection. Once this setting is enabled, users can filter and select the desired tenant sites from the dropdowns to share the connection.

    7. Configure User Permissions: Defines which users have access to the connection.

    8. Active: The checkbox that enables the connection to be used when selected.

    9. System Reputation Check: Selecting one or more reputation checkboxes will run the corresponding check reputation commands under this integration connection to enrich the corresponding artifacts with reputation details.

      image 8 (2)-20241017-235709.png

      For example, an integration connection named "ConnectionA" is configured with the "Sandbox" site. All URL artifacts from the "Sandbox" site will undergo a reputation check using the Check URL Reputation command from that integration. The return data output from this command will then be used to update the risk level of artifacts, which may affect the risk level of incoming events.

    10. System: This section contains the parameters defined specifically for the integration. These parameters must be configured to create the integration connection.

      Frame 11 (18)-20241018-000600.png

      1. Copy the domain level VirusTotal Server URL. The default value is https://www.virustotal.com.
      2. Copy the API Key from the VirusTotal V3 platform (Refer to step 3 of Configuring VirusTotal V3 to Work with D3 SOAR for more on obtaining the API key).
      3. The default value of API Version is v3. D3 SOAR currently only supports API v3 for all commands. Please use the default value.

    11. Connection Health Check: Periodically checks the connection status by scheduling the Test Connection command at the specified interval (in minutes). Available only for active connections, this feature also allows configuring email notifications for failed attempts.

    12. Enable Password Vault: An optional feature that allows users to take the stored credentials from their own password vault. Refer to the password vault connection guide if needed.

  4. Test the connection.

    Frame 9 (21)-20241017-235314.png

    1. Click on the Test Connection button to verify credentials and connectivity. A success alert displays Passed with a green checkmark. If the connection fails, review the parameters and retry.

    2. Click OK to close the alert window.

    3. Click + Add to create and add the configured connection.

Commands

VirusTotal V3 includes the following executable commands for users to set up schedules or create playbook workflows. With the Test Command, you can execute these commands independently for playbook troubleshooting.

READER NOTE

Please note that the sample data provided for some of the following integration commands may have certain key-value pairs removed. However, the shortened sample data are still proper JSON objects. Some sample data have been shortened and simplified due to their length.

Integration API Note

For more information about the VirusTotal V3 API, please refer to the VirusTotal V3 API reference.

READER NOTE

Certain permissions are required for each command. Please refer to the Permission Requirements and Configuring VirusTotal V3 to Work with D3 SOAR for details.

Check File Reputation

Retrieves reputation information of the File(s).

Input

Input Parameter

Required/Optional

Description

Example

File Hashes

Required

The list of file hashes to perform the reputation check on. MD5, SHA-1 and SHA256 file hashes are supported.

JSON
["*****"]

Output

To view the sample output data for all commands, refer to this article.

D3-defined Risk Levels

The table below lists the possible output risk levels with the corresponding return “RiskLevels” under Key Fields:

Return Data

Key Fields “RiskLevels”

1

High

2

Medium

3

Low

4

N/A (Default)

5

ZeroRisk

Error Handling

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Check File Reputation failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the VirusTotal V3 portal. Refer to the VirusTotal API Errors for details.

Status Code: 404.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: File Not Found.

Error Sample Data

Check File Reputation failed.

Status Code: 404.

Message: File Not Found.

Check IP Reputation

Retrieves reputation information of the IP(s).

Input

Input Parameter

Required/Optional

Description

Example

IPs

Required

The list of IPs to perform the reputation check on. Note: Only IPv4 addresses are supported.

JSON
[ "***.***.***.***" ]

Output

To view the sample output data for all commands, refer to this article.

D3-defined Risk Levels

The table below lists the possible output risk levels with the corresponding return “RiskLevels” under Key Fields:

Return Data

Key Fields “RiskLevels”

1

High

2

Medium

3

Low

4

N/A (Default)

5

ZeroRisk

Error Handling

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Check IP Reputation failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the VirusTotal V3 portal. Refer to the VirusTotal API Errors for details.

Status Code: 404.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: IP Not Found.

Error Sample Data

Check IP Reputation failed.

Status Code: 404.

Message: IP Not Found.

Check URL Reputation

Retrieves reputation information of the URL(s).

Input

Input Parameter

Required/Optional

Description

Example

URLs

Required

The list of URLs to perform the reputation check on.

JSON
["*****"]

Output

To view the sample output data for all commands, refer to this article.

D3-defined Risk Levels

The table below lists the possible output risk levels with the corresponding return “RiskLevels” under Key Fields:

Return Data

Key Fields “RiskLevels”

1

High

2

Medium

3

Low

4

N/A (Default)

5

ZeroRisk

Error Handling

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Check URL Reputation failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the VirusTotal V3 portal. Refer to the VirusTotal API Errors for details.

Status Code: 404.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: URL Not Found.

Error Sample Data

Check URL Reputation failed.

Status Code: 404.

Message: URL Not Found.

Detonate Files

Uploads and analysis files.

It is not recommended to use the Test Command feature with the Detonate Files command as it is designed for dynamic input files in Playbooks, Incident Attachments, and Artifact Attachments. There is a simple workaround to test the command:

  1. Navigate to Configuration on the top bar menu.

  2. Click on Utility Commands on the left sidebar menu.

  3. Use the search box to find and select the Create a File from input Text Array command.

  4. Click on the Test tab.

  5. Input the required information for the parameters.

  6. Click on the Test Command button. A D3 File ID will appear in the output data after the file has been successfully created. The D3 File Source of the created file will be Playbook File.

Input

Input Parameter

Required/Optional

Description

Example

File IDs

Required

The file paths of the file source. The options for file paths are:

  • Incident Attachment File: Incident.file.file ID

  • Playbook File: Task output

  • Artifact File: Incident.Events.file.file ID

JSON
["*****"]

File Source

Required

The file source of the file to detonate. The options for file sources are:

  • Incident Attachment File: Manually uploaded file from Incident

  • Playbook File: Output from another Task

  • Artifact File: Ingested Artifact in an Event

Incident Attachment File

Output

To view the sample output data for all commands, refer to this article.

Error Handling

If the Return Data is Partially Successful or Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Detonate Files failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the VirusTotal V3 portal. Refer to the VirusTotal API Errors for details.

Status Code: 404.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: File ID Not Found.

Error Sample Data

Detonate Files failed.

Status Code: 404.

Message: File ID Not Found.

Get Domain Relationships

Retrieves objects related to the specified internet domains.

Input

Input Parameter

Required/Optional

Description

Example

Domains

Required

The domains to retrieve related objects.

JSON
["*****"] 

Relationship

Required

The relationship between the specified domains and the related objects to return. Note: Relationship options labeled with “(Enterprise)” (e.g. Caa_records (Enterprise)) can only be used with a premium VirusTotal API connection.

Communicating_files

Output

To view the sample output data for all commands, refer to this article.

Error Handling

If the Return Data is Partially Successful or Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Get Domain Relationships failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the VirusTotal V3 portal. Refer to the VirusTotal API Errors for details.

Status Code: 404.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Domain Not Found.

Error Sample Data

Get Domain Relationships failed.

Status Code: 404.

Message: Domain Not Found.

Get Domain Reports

Retrieves information of specified Internet domains.

Input

Input Parameter

Required/Optional

Description

Example

Domains

Required

The list of domains to return corresponding report information.

JSON
["*****"] 

Output

To view the sample output data for all commands, refer to this article.

Error Handling

If the Return Data is Partially Successful or Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Get Domain Reports failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the VirusTotal V3 portal. Refer to the VirusTotal API Errors for details.

Status Code: 404.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Domain Not Found.

Error Sample Data

Get Domain Reports failed.

Status Code: 404.

Message: Domain Not Found.

Get File Behavior Summaries

Retrieves summaries with behavioral information about the specified files.

Input

Input Parameter

Required/Optional

Description

Example

File Hashes

Required

The file hash function values (SHA-256, SHA-1 or MD5) of the files to retrieve corresponding summaries.

JSON
["*****"]

Output

To view the sample output data for all commands, refer to this article.

Error Handling

If the Return Data is Partially Successful or Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Get File Behavior Summaries failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the VirusTotal V3 portal. Refer to the VirusTotal API Errors for details.

Status Code: 404.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: File Hash Not Found.

Error Sample Data

Get File Behavior Summaries failed.

Status Code: 404.

Message: File Hash Not Found.

Get File Relationships

Retrieves objects related to the specified files.

Input

Input Parameter

Required/Optional

Description

Example

File Hashes

Required

The file hash function values (SHA-256, SHA-1 or MD5) of the files to retrieve related objects.

JSON
["*****"] 

Relationship

Required

The relationship between the specified file hashes and the related objects to return. Note: Relationship options labeled with “(Enterprise)” (e.g. Download_files (Enterprise)) can only be used with a premium VirusTotal API connection.

Contacted_ips

Output

To view the sample output data for all commands, refer to this article.

Error Handling

If the Return Data is Partially Successful or Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Get File Relationships failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the VirusTotal V3 portal. Refer to the VirusTotal API Errors for details.

Status Code: 404.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: File Hash Not Found.

Error Sample Data

Get File Relationships failed.

Status Code: 404.

Message: File Hash Not Found.

Get File Reports

Retrieves information about the specified files.

Input

Input Parameter

Required/Optional

Description

Example

File Hashes

Required

The file hash function values (SHA-256, SHA-1 or MD5) of the files to return corresponding report information.

JSON
["*****"] 

Output

To view the sample output data for all commands, refer to this article.

Error Handling

If the Return Data is Partially Successful or Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Get File Reports failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the VirusTotal V3 portal. Refer to the VirusTotal API Errors for details.

Status Code: 404.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: File Hash Not Found.

Error Sample Data

Get File Reports failed.

Status Code: 404.

Message: File Hash Not Found.

Get IP Relationships

Retrieves objects related to the specified IP addresses.

Input

Input Parameter

Required/Optional

Description

Example

IPs

Required

The IPs to retrieve related objects.

JSON
[  "***.***.***.***"  ]

Relationship

Required

The relationship between the specified IPs and the related objects to return. Note: Relationship options labeled with “(Enterprise)” (e.g. Download_files (Enterprise)) can only be used with a premium VirusTotal API connection.

Communicating_files

Output

To view the sample output data for all commands, refer to this article.

Error Handling

If the Return Data is Partially Successful or Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Get IP Relationships failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the VirusTotal V3 portal. Refer to the VirusTotal API Errors for details.

Status Code: 400.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Invalid IP.

Error Sample Data

Get IP Relationships failed.

Status Code: 400.

Message: Invalid IP.

Get IP Reports

Retrieves information on the specified IP addresses.

Input

Input Parameter

Required/Optional

Description

Example

IPs

Required

The list of IPs to return corresponding report information.

["***.***.***.***"]

Output

To view the sample output data for all commands, refer to this article.

Error Handling

If the Return Data is Partially Successful or Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Get IP Reports failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the VirusTotal V3 portal. Refer to the VirusTotal API Errors for details.

Status Code: 400.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Invalid IP.

Error Sample Data

Get IP Reports failed.

Status Code: 400.

Message: Invalid IP.

Get URL Relationships

Retrieves objects related to the specified URLs.

Input

Input Parameter

Required/Optional

Description

Example

URLs

Required

The URLs to retrieve related objects.

["http://*****.*****.***"]

Relationship

Required

The relationship between the specified URLs and the related objects to return. Note: Relationship options labeled with “(Enterprise)” (e.g. Analyses (Enterprise)) can only be used with a premium VirusTotal API connection.

Network_location

Output

To view the sample output data for all commands, refer to this article.

Error Handling

If the Return Data is Partially Successful or Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Get Url Relationships failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the VirusTotal V3 portal. Refer to the VirusTotal API Errors for details.

Status Code: 400.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Invalid URL.

Error Sample Data

Get Url Relationships failed.

Status Code: 400.

Message: Invalid URL.

Get URL Reports

Analyzes and retrieves scan reports on URLs.

Input

Input Parameter

Required/Optional

Description

Example

URLs

Required

The list of URLs to return corresponding report information.

JSON
[  "http://*****.*****.***"  ]

Output

To view the sample output data for all commands, refer to this article.

Error Handling

If the Return Data is Partially Successful or Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Get Url Reports failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the VirusTotal V3 portal. Refer to the VirusTotal API Errors for details.

Status Code: 400.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Invalid URLs.

Error Sample Data

Get Url Reports failed.

Status Code: 400.

Message: Invalid URLs.

Retrieve Widget HTML Content

Returns the actual HTML content file(s) of the widget report(s) for the given observable(s).

Input

Input Parameter

Required/Optional

Description

Example

Query Observables

Required

The file hash (md5, sha1 or sha256), URL, IP address or Domain observable(s) to get HTML content of the VirusTotal widget report(s).

JSON
[ "http://*****.*****.***" ]

Output

To view the sample output data for all commands, refer to this article.

Error Handling

If the Return Data is Partially Successful or Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Retrieve Widget HTML Content failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the VirusTotal V3 portal. Refer to the VirusTotal API Errors for details.

Status Code: 403.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Expecting value: line 1 column 1.

Error Sample Data

Retrieve Widget HTML Content failed.

Status Code: 403.

Message: Expecting value: line 1 column 1.

Scan URL

Analyze and retrieve scan reports on URLs.

Input

Input Parameter

Required/Optional

Description

Example

URLs

Required

The list of URLs to scan and analyze.

JSON
[ "http://*****.*****.***" ]

Output

To view the sample output data for all commands, refer to this article.

Error Handling

If the Return Data is Partially Successful or Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Scan URL failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the VirusTotal V3 portal. Refer to the VirusTotal API Errors for details.

Status Code: 404.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: URL Not Found.

Error Sample Data

Scan URL failed.

Status Code: 404.

Message: URL Not Found.

Search

Searches domains, IP addresses, file hashes, URLs and tag comments.

Input

Input Parameter

Required/Optional

Description

Example

Query

Required

The query string to perform an indicator search in VirusTotal.

*****.*****.***

Output

To view the sample output data for all commands, refer to this article.

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Search failed.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the VirusTotal V3 portal. Refer to the VirusTotal API Errors for details.

Status Code: 404.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Not Found.

Error Sample Data

Search failed.

Status Code: 404.

Message: Not Found.

Test Connection

Allows you to perform a health check on an integration connection. You can schedule a periodic health check by selecting Connection Health Check when editing an integration connection.

Input

N/A

Output

Output Type

Description

Return Data Type

Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

  • A connection issue with the integration

  • The API returned an error message

  • No response from the API

More details about an error can be viewed in the Error tab.

String

Error Handling

If the Return Data is failed, an Error tab will appear in the Test Result window.

The error tab contains the responses from the third-party API calls including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error

Description

Example

Failure Indicator

Indicates the command failure that happened at a specific input and/or API call.

Test Connection failed. Failed to check the connector.

Status Code

The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the VirusTotal V3 portal. Refer to the VirusTotal API Errors for details.

Status Code: 403.

Message

The raw data or captured key error message from the integration API server about the API request failure.

Message: Expecting value: line 1 column 1.

Error Sample Data

Test Connection failed. Failed to check the connector.

Status Code: 403.

Message: Expecting value: line 1 column 1.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.