Logo
Back Home

Articles in this section

VirusTotal Graph overview

Overview

VirusTotal Graph is a visualization tool built on top of VirusTotal data set. It understands the relationship between files, URLs, domains, IP addresses and other items encountered in an ongoing investigation. With it, you can pivot intelligently over any of the malware artifacts in your graph and synthesize your findings into a threat map that you can share with your colleagues.

mceclip2.png

 

RELATIONSHIPS ORIENTED

VirusTotal's backend generates rich relationships: URLs from which a file has been downloaded, whether a given file been seen contained in some other files, what are the parents of a given Portable Executable, domain to IP address mappings over time, etc. Explore all these 30+ inter-item links in a graph, with nodes and arcs that allow you to discover new infrastructure and artifacts leveraged by the subjects of your investigation.

mceclip2.png

 

CREATE, COLLABORATE, SHARE

Work in the same investigation with your peers, save your investigation graphs and publish your findings either publicly or with your organization.

mceclip4.png mceclip1.png

 

FIND PATTERNS

Common patterns and commonalities are very interesting and, in a way, a critical piece in the investigation, this is why we have decided to calculate them on-demand for you. Just select a group of nodes in the graph and click on “Find commonalities” to see a list of common attributes in the selection.

 mceclip7.png

 

SEAMLESS INTEGRATION WITH VTI SEARCH AND HUNTING

Expand a node using a VTI search query or download the selected nodes in the graph. VirusTotal Graph works along with their sibling VT tools.

mceclip8.png

 

THREAT CARDS

Hover over any of the nodes in your graph and see a summary of the item with the most representative data in VirusTotal database. Click in the node to see the available expansions, the submission graph, the AV verdicts (for files and urls) and the community comments.

 mceclip3.png

 

CUSTOM NODES

VirusTotal dataset might not know a link between two entities as it might only happen in your environment. VT Graph allow you to manually add this links and furthermore, to add a new node to the graph even when VT doesn’t know about it. Our supported custom types are file, url, domain, IP address, actor, department, email and victim.

mceclip10.png

 

 

Powered by Zendesk