One of the basics of VT Intelligence is using the “entity” search keyword to directly specify the type of output you want to get. There are specific modifiers for every entity, here you can find direct links to documentation for file , URL , IP and Domain.
The best approach to learn how to use them is with some real life examples:
Some other examples:
Ordering VirusTotal Intelligence searches
orderparameter defines the order in which results are returned. They can be followed by a plus (
+) or minus (
-) sign for indicating ascending or descending order respectively (i.e:
<order>-). If no ascending/descending order is specified it's assumed to be ascending, so
<order>+are equivalent. If the
orderparameter is not provided, items are returned in a default order. The following table shows supported and default orders for every kind of entity:
|Entity type||Supported orders||Default order|
|file||first_submission_date, last_submission_date, positives, times_submitted, size||last_submission_date-|
|url||first_submission_date, last_submission_date, positives, times_submitted, status||last_submission_date-|
|domain||creation_date, last_modification_date, last_update_date, positives||last_modification_date-|
|ip||ip, last_modification_date, positives||last_modification_date-|
Remember that content searches can not be sorted, so If your query contains content search the order parameter will make no effect.