VirusTotal API Key - Nuix/VirusTotal-Integration GitHub Wiki

VirusTotal API Key

For the script to function, you will need to get an API key from VirusTotal. They provide a free (public) API key, and a paid for Premium API key. It is the users responsibility to determine which key is right for them and to ensure you agree with VirusTotals terms and privacy policy.

Whilst the script will function with a public and premium key, it is worth highlighting the main differences:

  • The Public API is limited to 500 requests per day and a rate of 4 requests per minute.
  • The Public API must not be used in commercial products or services.
  • The Public API must not be used in business workflows that do not contribute new files.
  • The Premium API does not have request rate or daily allowance limitations, limits are governed by your licensed service step.
  • The Premium API returns more threat context and exposes advanced threat hunting and malware discovery endpoints and functionality.
  • The Premium API is governed by an SLA that guarantees readiness of data.

Full details can be seen in the reference guide for the API here

Requesting a new API key

  1. Navigate to www.virustotal.com. Note: A VirusTotal account is required. If you do not already have a VirusTotal account, create an account by joining their community.
  2. Sign in to your VirusTotal account.
  3. Click on your username in the upper right hand corner of the page.
  4. From the drop-down menu, click API Key.
  5. Your API key displays in the middle of the screen. Copy this key for later use. Protect this API key as you would a password. (It is removed for security purposes in the following image.)

image