Elastic Security and VirusTotal integration

Save yourself the work of writing custom integrations for Elastic Security and VirusTotal and use n8n instead. Build adaptable and scalable Development and Cybersecurity workflows that work with your technology stack. All within a building experience you will love.

How to connect Elastic Security and VirusTotal

  • Step 1: Create a new workflow
  • Step 2: Add and configure nodes
  • Step 3: Connect
  • Step 4: Customize and extend your integration
  • Step 5: Test and activate your workflow

Step 1: Create a new workflow and add the first step

In n8n, click the "Add workflow" button in the Workflows tab to create a new workflow. Add the starting point: a trigger that determines when your workflow should run. This can be an app event, a schedule, a webhook call, another workflow, an AI chat, or a manual trigger. Sometimes, the HTTP Request node might already serve as your starting point.

Step 2: Add and configure Elastic Security and VirusTotal (using the HTTP Request node)

You can find the Elastic Security and VirusTotal nodes in the nodes panel and drag them onto your workflow canvas. The Elastic Security node comes with pre-built credentials and supported actions. VirusTotal can be set up with the HTTP Request node using a pre-configured credential type. The HTTP Request node makes custom API calls to VirusTotal. Configure the Elastic Security and VirusTotal nodes one by one: input data on the left, parameters in the middle, and output data on the right.

Step 3: Connect Elastic Security and VirusTotal

A connection establishes a link between Elastic Security and VirusTotal (or vice versa) to route data through the workflow. Data flows from the output of one node to the input of another. You can have single or multiple connections for each node.

Step 4: Customize and extend your Elastic Security and VirusTotal integration

Use n8n's core nodes such as If, Split Out, Merge, and others to transform and manipulate data. Write custom JavaScript or Python in the Code node and run it as a step in your workflow. Connect Elastic Security and VirusTotal with any of n8n’s 1000+ integrations, and incorporate advanced AI logic into your workflows.

Step 5: Test and activate your Elastic Security and VirusTotal workflow

Save and run the workflow to see if everything works as expected. Based on your configuration, data should flow from Elastic Security to VirusTotal or vice versa. Easily debug your workflow: you can check past executions to isolate and fix the mistake. Once you've tested everything, make sure to save your workflow and activate it.

Build your own Elastic Security and VirusTotal integration

Create custom Elastic Security and VirusTotal workflows by choosing triggers and actions. Nodes come with global operations and settings, as well as app-specific parameters that can be configured. You can also use the HTTP Request node to query data from any app or service with a REST API.

Elastic Security supported actions

  • Create: Create a case
  • Delete: Delete a case
  • Get: Get a case
  • Get Many: Retrieve many cases
  • Get Status: Retrieve a summary of all case activity
  • Update: Update a case
  • Add: Add a comment to a case
  • Get: Get a case comment
  • Get Many: Retrieve many case comments
  • Remove: Remove a comment from a case
  • Update: Update a comment in a case
  • Add: Add a tag to a case
  • Remove: Remove a tag from a case
  • Create: Create a connector

Supported API Endpoints for VirusTotal

  • GetFileReport (GET /files/{file_id}): Retrieve the latest report on a file.
  • ScanFile (POST /files): Send a file for scanning.
  • GetFileBehaviours (GET /files/{file_id}/behaviours): Retrieve a file's behaviors observed during sandbox execution.
  • GetFileComments (GET /files/{file_id}/comments): Retrieve comments on a file.
  • AddFileComment (POST /files/{file_id}/comments): Post a comment on a file.

To set up VirusTotal integration, add the HTTP Request node to your workflow canvas and authenticate it using a predefined credential type. This allows you to perform custom operations, without additional authentication setup. The HTTP Request node makes custom API calls to VirusTotal to query the data you need using the URLs you provide.

Take a look at the VirusTotal official documentation to get a full list of all API endpoints

  • GetURLReport (GET /urls/{url_id}): Retrieve the latest report on a URL.
  • ScanURL (POST /urls): Send a URL for scanning.
  • GetURLComments (GET /urls/{url_id}/comments): Retrieve comments on a URL.
  • AddURLComment (POST /urls/{url_id}/comments): Post a comment on a URL.
  • GetURLVotes (GET /urls/{url_id}/votes): Retrieve votes on a URL.

  • GetDomainReport (GET /domains/{domain}): Retrieve the latest report on a domain.
  • GetDomainComments (GET /domains/{domain}/comments): Retrieve comments on a domain.
  • AddDomainComment (POST /domains/{domain}/comments): Post a comment on a domain.
  • GetDomainResolutions (GET /domains/{domain}/resolutions): Retrieve the resolutions of a domain.
  • GetDomainSiblings (GET /domains/{domain}/siblings): Retrieve the siblings of a domain.

  • GetIPAddressReport (GET /ip_addresses/{ip_address}): Retrieve the latest report on an IP address.
  • GetIPAddressComments (GET /ip_addresses/{ip_address}/comments): Retrieve comments on an IP address.
  • AddIPAddressComment (POST /ip_addresses/{ip_address}/comments): Post a comment on an IP address.
  • GetIPAddressResolutions (GET /ip_addresses/{ip_address}/resolutions): Retrieve the resolutions of an IP address.
  • GetIPAddressHistorical (GET /ip_addresses/{ip_address}/historical): Retrieve the historical data of an IP address.

FAQs

  • Can Elastic Security connect with VirusTotal?

  • Can I use Elastic Security’s API with n8n?

  • Can I use VirusTotal’s API with n8n?

  • Is n8n secure for integrating Elastic Security and VirusTotal?

  • How to get started with Elastic Security and VirusTotal integration in n8n.io?

Looking to integrate Elastic Security and VirusTotal in your company?

Over 3000 companies switch to n8n every single week

Why use n8n to integrate Elastic Security with VirusTotal

Build complex workflows, really fast

Handle branching, merging and iteration easily.
Pause your workflow to wait for external events.

Code when you need it, UI when you don't

Simple debugging

Your data is displayed alongside your settings, making edge cases easy to track down.

Use templates to get started fast

Use 1000+ workflow templates available from our core team and our community.

Reuse your work

Copy and paste, easily import and export workflows.

Implement complex processes faster with n8n
