Use the Google Security Operations integration with VirusTotal to
pivot from a domain linked to an asset in Google SecOps to the
information VirusTotal holds about that domain, and to launch VirusTotal Graph.
VirusTotal Graph is a visualization tool built on top of the VirusTotal dataset.
It analyzes the relationships between files, URLs, domains, IP addresses,
and other items encountered. VirusTotal Graph helps to illustrate the
interconnections between potentially malicious domains and the assets within
your enterprise.
To view the VirusTotal Context for a domain, complete the following steps:
1. Search for a suspicious domain in Google SecOps. Select the domain in
   the search results to open Domain view.
2. Click VT CONTEXT at the top of Domain view to open the VT Context
   window. The numbers next to VT CONTEXT indicate the number of security
   vendors that have flagged this domain as malicious.
   [Figure: Domain view with VT CONTEXT option]
   The VT Context window opens to the Detections tab. This tab displays more information from VirusTotal about what is known about this domain, for example, whether or not the domain is malicious.
   [Figure: Detections tab]
3. Click the IoCs tab to view any IoCs that VirusTotal has in its database for this domain. To view the VirusTotal IoCs, you must have a VirusTotal Enterprise account. Enter your VirusTotal login credentials when asked.
   [Figure: IoCs tab]
4. Click the Graph tab to open the control to launch VirusTotal Graph. To use VirusTotal Graph, you must have a VirusTotal Enterprise account. Enter your VirusTotal login credentials when asked.
Last updated 2025-05-11 UTC.