VirusTotal is a service that analyzes IP addresses, URLs, files, and file hashes to facilitate quick detection of malicious activity. VirusTotal integration for Security Operations enables the analysis of artifacts involved in security incidents through automated threat lookups.
VirusTotal Integration for Security Operations is now available only on the ServiceNow® Store.
- Threat lookup workflows run on selected observables upon incident creation.
- The execution and completion status of the workflow is recorded in work notes.
- Reputation results are available in the incident record.
New :
Upgraded dictionary-level read-only fields to Strict Read-Only to enhance security and prevent unauthorized changes.This update ensures the server consistently enforces read-only behavior across all UIs, scripts, and integrations.
Before you can use the VirusTotal Integration for Security Operations, you must install the application and add the appropriate API key.
The Threat Intelligence application is required to activate VirusTotal Integration for Security Operations.