Chronicle

Chronicle Security is a cybersecurity provider that is now part of the Google Cloud Platform. Google has combined various information security solutions under the Chronicle umbrella, including VirusTotal, which was founded by Hispasec Sistemas and acquired in 2012.

Chronicle was integrated into Google Cloud Services in 2018.

VirusTotal

VirusTotal is not just a free platform where any user can upload suspicious files and have them scanned by a large number of different virus scanners.

In fact, VirusTotal is now one of the world's largest threat intelligence sharing platforms and has partnerships that allow not just antivirus vendors but any team to collaborate on evaluating files and malware. Dozens of companies contribute passive DNS information, sandbox reports, origin details, static analysis tools, etc.

VirusTotal takes a 360° characterization approach to attacker campaigns. VirusTotal processes and understands files, URLs, domains, IPs, etc. You don't just buy a hash checker, you buy a telescope and a microscope for every type of threat you can observe.

VT Intelligence

VT Intelligence extracts and indexes files, URLs, domains and IP addresses with actionable properties and metadata from a security and threat analysis perspective. The indexed data includes: Sandbox behavior, network information, Office macros, PE imports/exports, Authenticode signatures, Whois lookups, DNS resolutions, SSL certificates, origin, popularity rankings, antivirus labels, etc.

Multiple property searches can be performed via advanced modifiers, and threat actor campaigns can be fully mapped through pivoting and similarity searches.

Any file uploaded to VirusTotal can be downloaded for further investigation offline, including disassembly and debugging, running files in specialized analysis infrastructure such as sandboxes similar to your environment, etc.

VT API

VT API is a RESTful interface to the VirusTotal dataset that allows you to programmatically connect your enterprise systems and workflows to our threat intelligence going back to 2004. All functions described for the components above are accessible via the API, so you can enrich any type of observable with this solution: files, URLs, IPs, domains, etc.

Data points that can be retrieved include: Ratings, sandbox behavior, network information, Office macros, PE imports/exports, Authenticode signatures, Whois lookups, DNS data, SSL certificates, origin information, popularity rankings, etc. Many third-party security solutions have VT API integration, which means that threat enrichment sometimes only requires inserting the API key into a configuration form.
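As an added example (not VirusTotal's own client code and not part of this page): the observable types listed above mapped to their VT API v3 object paths, plus a helper that reduces a response's last_analysis_stats to a triage verdict. The sample response is constructed, the detection threshold is an assumed local policy, and the request is built but never sent, so the script runs offline.

```python
import base64
import ipaddress
from urllib.request import Request

VT_API_BASE = "https://www.virustotal.com/api/v3"  # VT API v3 base URL


def vt_object_path(observable: str) -> str:
    """Map an observable to its VT API v3 collection path.

    Hashes (MD5/SHA-1/SHA-256) -> /files/{hash}; IPs -> /ip_addresses/{ip};
    URLs -> /urls/{id}, where id is the unpadded URL-safe base64 of the URL;
    anything else is treated as a domain name."""
    s = observable.strip()
    if len(s) in (32, 40, 64) and all(c in "0123456789abcdefABCDEF" for c in s):
        return f"/files/{s.lower()}"
    try:
        ipaddress.ip_address(s)
        return f"/ip_addresses/{s}"
    except ValueError:
        pass
    if s.startswith(("http://", "https://")):
        url_id = base64.urlsafe_b64encode(s.encode()).decode().rstrip("=")
        return f"/urls/{url_id}"
    return f"/domains/{s.lower()}"


def build_request(observable: str, api_key: str) -> Request:
    """Build the GET request; the API key travels in the x-apikey header."""
    return Request(VT_API_BASE + vt_object_path(observable),
                   headers={"x-apikey": api_key, "accept": "application/json"})


def summarize(response_json: dict, min_malicious: int = 2) -> dict:
    """Reduce last_analysis_stats to a triage verdict.
    The min_malicious threshold is an assumed local policy, not a VirusTotal rule."""
    stats = response_json.get("data", {}).get("attributes", {}).get("last_analysis_stats", {})
    malicious = stats.get("malicious", 0)
    suspicious = stats.get("suspicious", 0)
    if malicious >= min_malicious:
        verdict = "malicious"
    elif malicious or suspicious:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return {"verdict": verdict, "malicious": malicious,
            "suspicious": suspicious, "engines": sum(stats.values())}


# Constructed sample response in the shape of a VT API v3 file object (values made up)
SAMPLE_RESPONSE = {"data": {"type": "file", "attributes": {"last_analysis_stats": {
    "harmless": 0, "malicious": 5, "suspicious": 1, "undetected": 60, "timeout": 0}}}}
```

Feed the verdict dictionary into your SIEM or SOAR enrichment step; the engine count lets an analyst weigh a few detections against the number of scanners that actually looked at the object.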

Your Benefit

  • Enrich and triage alerts to make better and faster decisions.
  • Generate IoCs that you can use to power up your security defenses.
  • Track the evolution of malware families and threat actors with YARA.
  • Download malware for advanced dissection offline.
  • Map out attacker campaigns in collaborative node graphs.
  • Seamlessly surface global threat data into your SIEM, SOAR, IDS, etc.
  • Improve the performance of your SOC analysts.

Our Service

We advise you on the integration of VirusTotal Threat Intelligence Feeds into your infrastructure. We work with you to implement the necessary configuration. We support you in the analysis and evaluation of malware.

Simply make an appointment with us.