Elastic Security and VirusTotal integration
How to connect Elastic Security and VirusTotal
Create a new workflow and add the first step
In n8n, click the "Add workflow" button in the Workflows tab to create a new workflow. Add the starting point – a trigger on when your workflow should run: an app event, a schedule, a webhook call, another workflow, an AI chat, or a manual trigger. Sometimes, the HTTP Request node might already serve as your starting point.
Build your own Elastic Security and VirusTotal integration
Create custom Elastic Security and VirusTotal workflows by choosing triggers and actions. Nodes come with global operations and settings, as well as app-specific parameters that can be configured. You can also use the HTTP Request node to query data from any app or service with a REST API.
Elastic Security supported actions
Create
Create a case
Delete
Delete a case
Get
Get a case
Get Many
Retrieve many cases
Get Status
Retrieve a summary of all case activity
Update
Update a case
Add
Add a comment to a case
Get
Get a case comment
Get Many
Retrieve many case comments
Remove
Remove a comment from a case
Update
Update a comment in a case
Add
Add a tag to a case
Remove
Remove a tag from a case
Create
Create a connector
Supported API Endpoints for VirusTotal
GetFileReport
Retrieve the latest report on a file.
ScanFile
Send a file for scanning.
GetFileBehaviours
Retrieve a file's behaviors observed during sandbox execution.
GetFileComments
Retrieve comments on a file.
AddFileComment
Post a comment on a file.
GetURLReport
Retrieve the latest report on a URL.
ScanURL
Send a URL for scanning.
GetURLComments
Retrieve comments on a URL.
AddURLComment
Post a comment on a URL.
GetURLVotes
Retrieve votes on a URL.
GetDomainReport
Retrieve the latest report on a domain.
GetDomainComments
Retrieve comments on a domain.
AddDomainComment
Post a comment on a domain.
GetDomainResolutions
Retrieve the resolutions of a domain.
GetDomainSiblings
Retrieve the siblings of a domain.
GetIPAddressReport
Retrieve the latest report on an IP address.
GetIPAddressComments
Retrieve comments on an IP address.
AddIPAddressComment
Post a comment on an IP address.
GetIPAddressResolutions
Retrieve the resolutions of an IP address.
GetIPAddressHistorical
Retrieve the historical data of an IP address.
To set up VirusTotal integration, add the HTTP Request node to your workflow canvas and authenticate it using a predefined credential type. This allows you to perform custom operations, without additional authentication setup. The HTTP Request node makes custom API calls to VirusTotal to query the data you need using the URLs you provide.
Take a look at the VirusTotal official documentation to get a full list of all API endpoints
Elastic Security and VirusTotal integration details
Elastic Security
With Elastic Security, you can prevent, detect, and respond to attacks on your organization. Years of data are analyzed by Elastic Security, which also automates crucial procedures and secures every system.
Elastic Security node docs + examples
Elastic Security credential docs
See Elastic Security integrations
Related categories
Other integrations with Elastic Security
The SOAR platform you want
Mountains of monotonous tasks make building and monitoring your workflows a chore. Not anymore.
Learn more
Save engineering resources
Reduce time spent on customer integrations, engineer faster POCs, keep your customer-specific functionality separate from product all without having to code.
Learn more
FAQ
Can Elastic Security connect with VirusTotal?
Can I use Elastic Security’s API with n8n?
Can I use VirusTotal’s API with n8n?
Is n8n secure for integrating Elastic Security and VirusTotal?
How to get started with Elastic Security and VirusTotal integration in n8n.io?
Looking to integrate Elastic Security and VirusTotal in your company?
The world's most popular workflow automation platform for technical teams including
Why use n8n to integrate Elastic Security with VirusTotal
Build complex workflows, really fast
