The VirusTotal Scan URL action iterates over the selected scope
entities, and initiates a request to VirusTotal for each entity whose type is
URL. When finished, the action enriches the URL entities with a VirusTotal
report and also posts the result on the Case Wall.
An is_risky value is exposed so that you can add further
conditions to the playbook for high-risk URLs.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-29 UTC."],[[["\u003cp\u003eThe VirusTotal Scan URL action scans multiple URLs within a selected scope.\u003c/p\u003e\n"],["\u003cp\u003eEach URL is analyzed individually by VirusTotal, initiated through a request.\u003c/p\u003e\n"],["\u003cp\u003eAfter scanning, URL entities are enriched with a detailed VirusTotal report.\u003c/p\u003e\n"],["\u003cp\u003eThe action posts the scan results to the case wall for easy access and review.\u003c/p\u003e\n"],["\u003cp\u003eAn \u003ccode\u003eis_risky\u003c/code\u003e value is provided, enabling you to define more conditions in the playbook for dangerous URLs.\u003c/p\u003e\n"]]],[],null,["# Scan multiple URLs in VirusTotal\n================================\n\nSupported in: \nGoogle secops [SOAR](/chronicle/docs/secops/google-secops-soar-toc)\n\n\nThe **VirusTotal Scan URL** action iterates over the selected scope\nentities, and initiates a request to VirusTotal for each entity whose type is\nURL. When finished, the action enriches the URL entities with a VirusTotal\nreport and also posts the result on the Case Wall. \n\nAn `is_risky` value is exposed so that you can add further\nconditions to the playbook for high-risk URLs.\n\n**Need more help?** [Get answers from Community members and Google SecOps professionals.](https://security.googlecloudcommunity.com/google-security-operations-2)"]]
