QVTI Virus Total Integration for Hash Checking
QVTI Virus Total Integration for IBM Security QRadar SIEM (QVTI) is an application that checks the hashes of running software processes against the VirusTotal database through the VirusTotal public API.
QVTI looks up file hashes in the VirusTotal database and generates QRadar offenses for the hashes VirusTotal reports as malicious.
QVTI relies on Sysmon log data collected by WinCollect agents; the hashes come from the Hashes field that Sysmon records in its process-creation events.
Sysmon and WinCollect can be installed and configured automatically with the QWAD WinCollect Assisted Deployment application.
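To make the flow concrete, here is an added illustration of the same pipeline in Python. It is not QVTI's code and not part of the original page: it extracts the hash from a Sysmon process-creation payload, picks the strongest hash, queries the VirusTotal v3 `/files/{hash}` endpoint once per distinct hash while respecting the public-API rate limit, and turns the `last_analysis_stats` block into a verdict. The Sysmon event, the VirusTotal response and the `min_engines` threshold are constructed assumptions; the endpoint, the `x-apikey` header and the response layout are those of the public VirusTotal API v3.

```python
"""Added example, not QVTI's own code: Sysmon hash -> VirusTotal v3 lookup -> verdict.
The Sysmon event and the VirusTotal response below are constructed samples."""
import json
import re
import time
import urllib.error
import urllib.request
from typing import Callable, Dict, List, Optional, Tuple

VT_FILES_URL = "https://www.virustotal.com/api/v3/files/{}"
# The free public API allows 4 lookups per minute; space calls 15 s apart.
PUBLIC_API_MIN_INTERVAL = 15.0

# Constructed sample: a Sysmon Event ID 1 (process creation) payload as forwarded by
# WinCollect. Only the Hashes field matters here; the hashes are those of an empty file.
SAMPLE_SYSMON_EVENT = (
    "Process Create: RuleName: - UtcTime: 2024-01-01 00:00:00.000 "
    "ProcessGuid: {00000000-0000-0000-0000-000000000000} ProcessId: 4242 "
    "Image: C:\\Users\\alice\\AppData\\Local\\Temp\\setup.exe "
    "Hashes: SHA1=da39a3ee5e6b4b0d3255bfef95601890afd80709,"
    "MD5=d41d8cd98f00b204e9800998ecf8427e,"
    "SHA256=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855,"
    "IMPHASH=00000000000000000000000000000000 "
    "ParentImage: C:\\Windows\\explorer.exe"
)

# Constructed sample shaped like a VirusTotal v3 GET /files/{hash} response (assumed numbers).
SAMPLE_VT_RESPONSE = {
    "data": {
        "type": "file",
        "id": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
        "attributes": {
            "meaningful_name": "setup.exe",
            "last_analysis_stats": {"harmless": 0, "malicious": 41, "suspicious": 1,
                                    "undetected": 28, "timeout": 0},
        },
    }
}

# Sysmon writes "Hashes: ALG=hex,ALG=hex,..." with the algorithms enabled in its config.
HASHES_RE = re.compile(r"Hashes:\s*([A-Z0-9]+=[0-9a-fA-F]+(?:,[A-Z0-9]+=[0-9a-fA-F]+)*)")


def parse_sysmon_hashes(payload: str) -> Dict[str, str]:
    """Return {'SHA256': '...', 'MD5': '...'} from the Sysmon Hashes field, or {}."""
    m = HASHES_RE.search(payload)
    if not m:
        return {}
    hashes = {}
    for item in m.group(1).split(","):
        alg, _, value = item.partition("=")
        hashes[alg.upper()] = value.lower()
    return hashes


def pick_lookup_hash(hashes: Dict[str, str]) -> Optional[str]:
    """Prefer SHA256; MD5/SHA1 collisions are practical, SHA256 ones are not."""
    for alg in ("SHA256", "SHA1", "MD5"):
        if alg in hashes:
            return hashes[alg]
    return None


def vt_lookup(file_hash: str, api_key: str, timeout: float = 10.0) -> Optional[dict]:
    """Live lookup: GET /api/v3/files/{hash}. Returns None when VT has never seen the hash."""
    req = urllib.request.Request(VT_FILES_URL.format(file_hash),
                                 headers={"x-apikey": api_key, "accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 404:  # NotFoundError: unknown hash is not the same as clean
            return None
        raise


def classify_vt_response(resp: Optional[dict], min_engines: int = 2) -> str:
    """Map a /files response to 'malicious', 'clean' or 'unknown' (assumed threshold)."""
    try:
        stats = resp["data"]["attributes"]["last_analysis_stats"]
    except (KeyError, TypeError):
        return "unknown"
    return "malicious" if stats.get("malicious", 0) >= min_engines else "clean"


def check_events(payloads: List[str], lookup: Callable[[str], Optional[dict]],
                 min_interval: float = PUBLIC_API_MIN_INTERVAL) -> List[Tuple[str, str]]:
    """Query each distinct hash once (quota is scarce) and return [(hash, verdict)].
    `lookup` is injected so the live vt_lookup can be swapped for an offline stub."""
    seen: Dict[str, str] = {}
    results: List[Tuple[str, str]] = []
    last_call = 0.0
    for payload in payloads:
        file_hash = pick_lookup_hash(parse_sysmon_hashes(payload))
        if not file_hash or file_hash in seen:
            continue  # no hash field, or a binary already checked in this batch
        wait = min_interval - (time.monotonic() - last_call)
        if last_call and wait > 0:
            time.sleep(wait)
        verdict = classify_vt_response(lookup(file_hash))
        last_call = time.monotonic()
        seen[file_hash] = verdict
        results.append((file_hash, verdict))  # QVTI would raise an offense on 'malicious'
    return results


if __name__ == "__main__":
    # Offline demo with the constructed response; pass lambda h: vt_lookup(h, API_KEY) for real use.
    for h, verdict in check_events([SAMPLE_SYSMON_EVENT], lambda h: SAMPLE_VT_RESPONSE, 0):
        print(h, verdict)
```

Two points the code makes that the description above leaves implicit: a 404 from VirusTotal means "never seen", not "clean", so the verdict is kept distinct from a hash that engines scanned and passed; and the same binary produces one Sysmon event per launch, so deduplicating hashes before querying is what keeps a busy host within the public API quota.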
QRadar Native Alternatives
QRadar has no native VirusTotal hash lookup: users have to extract the hashes from the event payload by hand and submit them to VirusTotal themselves.
QVTI is a free, open-source application by ScienceSoft, released under the Apache 2.0 license.
The free VirusTotal public API is rate-limited; a paid VirusTotal subscription raises those limits but is optional and cannot be purchased through ScienceSoft.
IBM App Exchange
QVTI VirusTotal Integration for Hash Checking is officially available on the IBM Security App Exchange. Follow the link there to download it.