Accessing VirusTotal Insights Through Magnet AXIOM Cyber

As part of the continuous development of Magnet AXIOM Cyber’s incident response capabilities, we’ve integrated VirusTotal giving you the ability to quickly check files against their database of known threats.  

Leveraging over 70 antivirus engines, VirusTotal provides information on known malicious files so that you can quickly gain insight into the history and behavior of a threat to inform your response and mitigation plans.

How to Use VirusTotal in AXIOM Cyber  

Let’s look at how the VirusTotal feature would integrate into an incident response workflow.  

An endpoint was identified as potentially being compromised, so a collection was completed for the machine and the data was processed using YARA rules scanning in AXIOM Cyber. A YARA hit comes back positive for a file that the DFIR team suspect could be malware, but they need more insight on the threat to determine their response. 

From the filesystem view in AXIOM Cyber, an examiner simply right clicks to hash the file and check it against VirusTotal’s database. The results are presented on the VirusTotal website in a browser window, complete with threat scoring from a range of security vendors as well as behavioral information that can help identify additional or related instances of similar threats. 

To integrate these findings into a case, examiners can use the MAGNET Web Page Saver free tool (one of our many free resources) to capture the results from VirusTotal and add them as evidence.  

Maintaining Confidentiality 

We know your investigations contain highly sensitive data, which is why this integration has been developed to maintain the highest level of confidentiality.  

Any file that is checked in VirusTotal is hashed in AXIOM Cyber rather than uploaded. The hash of the file is all that is used check for known threats in VirusTotal – no other file information is submitted to VirusTotal, maintaining the anonymity of your records.  

How to Add a File to VirusTotal  

To contribute to the cybersecurity community’s understanding of potentially harmful content, you can also export the file from AXIOM Cyber so that it can be uploaded to VirusTotal. To export a file from AXIOM Cyber, right click on the file from the filesystem view and save it to your local computer. As the file is a suspected virus, once it is on your desktop it is important to treat it with caution.  Exporting the file as a .zip can help protect your system and can still be uploaded to VirusTotal if it isn’t encrypted.  

The scanning report for shared files is made available to the public VirusTotal community and the contents of submitted files may be shared with premium VirusTotal customers to facilitate the development of insights into the behaviors of emerging cyber threats and malware. 

Get Magnet AXIOM Cyber Today 

To try the VirusTotal integration and all the other great incident response capabilities of AXIOM Cyber for yourself, request a free trial today!

The post Accessing VirusTotal Insights Through Magnet AXIOM Cyber appeared first on Magnet Forensics.

Accessing VirusTotal Insights Through Magnet AXIOM Cyber