Virustotal offline integration


bastien pivot

Dec 6, 2021, 5:52:13 AM
to Wazuh mailing list
Hi Team,

I'm using the current version of Wazuh, 4.2, and the manager has been installed on RHEL 7.

I would like to integrate VirusTotal with Wazuh, and I noticed that VirusTotal requires an internet connection. The fact is that my manager cannot have any access to the internet, so I would like to know whether there is a way to use VirusTotal without an internet connection, or maybe another solution that achieves the same thing.

Thanks for your answers.
Regards
Bastien

Andres Micalizzi

Dec 6, 2021, 6:39:32 AM
to Wazuh mailing list
Hi Bastien,
Thanks for using Wazuh.

The main advantage of VirusTotal is that it is just a collection of antiviruses that are always updated and that it tests your files automatically with all AVs until it gets a match. There is no offline version of it, and the manager will need to connect to the internet in order to send its information over to VirusTotal.
You could probably set up a VM where you would install some or all of the AVs VirusTotal uses, and use some kind of script to copy files that generated alerts on Wazuh, so they can be scanned by the antiviruses you've installed.

I hope this answers your question.
Best regards and happy holidays,
Andrés
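
A sketch of the "script to copy files that generated alerts" idea from the reply above, added here as an example and not code from either poster or from the Wazuh project. It assumes the script runs on a host where the alerted file paths are readable, that alerts arrive as JSON lines with the `syscheck.path`, `syscheck.event` and `syscheck.sha256_after` fields of Wazuh file integrity alerts, and that `drop_dir` is a hypothetical directory the offline scanning VM reads from.

```python
import hashlib
import json
import shutil
from pathlib import Path

WANTED_EVENTS = {"added", "modified"}  # a deleted file cannot be copied


def sha256_of(path):
    """Hash a file in chunks so large samples do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def stage_alerted_files(alert_lines, drop_dir):
    """Copy files named in syscheck alerts into drop_dir.

    Returns {sha256: original path}; each copy is named by its SHA-256.
    """
    drop = Path(drop_dir)
    drop.mkdir(parents=True, exist_ok=True)
    staged = {}
    for line in alert_lines:
        try:
            alert = json.loads(line)
        except json.JSONDecodeError:
            continue  # partial line while the alert log is being written
        sc = alert.get("syscheck") if isinstance(alert, dict) else None
        if not isinstance(sc, dict) or sc.get("event") not in WANTED_EVENTS:
            continue
        src = Path(sc.get("path", ""))
        if src.is_symlink() or not src.is_file():
            continue  # gone, not a regular file, or a link we refuse to follow
        tmp = drop / ".incoming"
        shutil.copyfile(src, tmp)  # content only, no mode bits carried over
        digest = sha256_of(tmp)    # hash the copy, not the live file
        expected = sc.get("sha256_after")
        if expected and expected != digest:
            tmp.unlink()  # file changed since the alert; a newer alert covers it
            continue
        tmp.chmod(0o400)  # read-only, never executable in the drop directory
        tmp.replace(drop / digest)
        staged[digest] = str(src)
    return staged
```

Naming each copy by its hash deduplicates repeated alerts and lets the scanner's verdict be matched back to the alert's `sha256_after` value.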