As an authorized reseller for the developer, Chronicle, we provide VirusTotal Enterprise, an intelligence tool for security vendors, to Japanese users.
To respond to the ever-changing threats of cyberspace, VirusTotal is continuously adding information sources and updating features.
Last year in particular saw major service revisions, such as the introduction of the top bundle, VirusTotal – Duet, and the enhancement of manufacturer support.
So this time, I will introduce the latest VirusTotal again.
What is VirusTotal
VirusTotal is a threat intelligence tool developed using Google technology. It is popular for its diverse analysis sources, powerful threat detection, and versatility.
Please refer to the following articles for Chronicle and the free version of VirusTotal.
Tegara Corporation is an Advanced Partner of Chronicle, the provider of VirusTotal. We are a certified VirusTotal Enterprise reseller.
About VirusTotal Enterprise
VirusTotal Enterprise is VirusTotal's premium service for high-frequency threat detection and detailed analysis. It is suitable for use by companies and organizations that conduct more advanced vulnerability countermeasures and specialized digital investigations.
The following 5 types of functions can be used, centering on VirusTotal Intelligence, a service that allows you to search and list, by characteristics, sample files suspected of being malware that have been uploaded to the VirusTotal site from all over the world, and to download those samples for scrutiny.
An advanced modifier-based search engine against VirusTotal's dataset (malware samples, URLs, domains, IPs) with rich threat details and contextual information. Judge similarity from historical data and instantly reveal IoCs (Indicators of Compromise) for new threats. You can also download these files for further offline research and analysis.
VirusTotal Intelligence Details: https://www.virustotal.com/gui/intelligence-overview
Tools for tracking the evolution of specific threat actors or malware families. Apply YARA rules to VirusTotal's sample flux to reveal all IoCs (Indicators of Compromise) belonging to a particular campaign.
There are two functions: Livehunt, which monitors files sent to VirusTotal in real time, and Retrohunt, which searches historical data retroactively.
VirusTotal Hunting Details: https://www.virustotal.com/gui/hunting-overview
A tool for finding commonalities between threats by visually viewing the VirusTotal dataset. Helps you understand the relationships between files, URLs, domains, IP addresses, and other monitored objects encountered in ongoing investigations.
Data in the free version of VT Graph is public and can be viewed by anyone, but in the paid version of Private Graph, data can be made private or editable only by specific users or groups. Private Graph can also read VT Hunting data.
VirusTotal Graph Details: https://www.virustotal.com/gui/graph-overview
Difference between Public Graph (free version) and Private Graph (paid version)
An API that allows you to build scripts that upload and scan files and URLs and access scan reports without using VirusTotal's website interface. VirusTotal Enterprise provides the Premium version, which has more endpoints such as similarity search, clustering, and behavioral information.
VirusTotal API Details: https://developers.virustotal.com/reference
Difference between Public API (free version) and Premium API (paid version)
New feeds collected by the user community, external OSINT data, and YARA rules. By adding context such as attacker identification, victim profile, and external references, it is useful for TTP (Tactics, Techniques, and Procedures) analysis.
Two types are available: "Collection", which contains IoCs such as hashes, URLs, domains, and IP addresses, and "Threat Actor", which contains details of the attacker.
*Currently, only some users can create Collections.
VirusTotal Insights Details: https://blog.virustotal.com/2022/09/vt-collections-citius-altius-fortius.html
Product renewal in 2022
2022 brings multiple changes to VirusTotal Enterprise.
VirusTotal Monitor no longer available
VirusTotal Monitor, a tool for reducing the risk of false antivirus detections by user-developed software, has been discontinued.
Existing users can continue to use VirusTotal Monitor, but no new features or bug fixes will be added in the future.
Changes to bundle contents
The contents of the bundles have changed in response to the usage and requests of existing users. Below is a summary of the main changes.
- End of Starter Bundle
VirusTotal Enterprise's entry-level Starter bundle has come to an end.
Customers currently subscribed to the Starter bundle will need to upgrade to a Basic or higher bundle upon their next renewal.
- Launch of new bundle Duet
VirusTotal Enterprise Duet is a top-level bundle suitable for use by public institutions that conduct large-scale specialized research, global e-commerce sites that require stronger vulnerability countermeasures, web services, and financial institutions. The maximum number of search queries and rule settings is large, and you can receive extensive support.
- Priority support now available
The new Duet bundle includes Priority Support. In Standard Support (normal support), the manufacturer will respond to inquiries from users within 2 business days, but in Priority Support, a person in charge will be assigned individually and support will be given priority over normal support. Also, the latest research reports and new features are available as soon as possible.
- Changes to Professional Bundle Usage Limits (See the table below for the differences before and after the change.)
Features | Old Professional | Current Professional |
---|---|---|
Premium APIs | 150k/day | 10k/day |
Intelligence Searches & Downloads | 5k/month | 1k/month |
Retrohunt | 5 / month | 5 / month |
Livehunt YARA Rules | 25 | 25 |
Private graphs | add-on | add-on |
Threat Hunter Pro | add-on | add-on |
Private graphs | Not Included | Not Included |
Support | Standard | Standard |
About VirusTotal Enterprise license
The price of VirusTotal Enterprise varies depending on conditions such as the number of configured searches and the number of downloads per month. What we can provide is basically an annual license with a 12-month contract.
Four different bundles with five features are available for comprehensive security and investigative users. You can also purchase only specific functions or customize bundles according to your needs.
4 bundled licenses
A product with a set of functions for professional users. Please refer to the table below for usage limits for each bundle.
VirusTotal Edition | Basic | Professional | Professional Plus (*) | Duet |
---|---|---|---|---|
Premium APIs | 1k/day | 10k/day | 30k/day | 10m/month |
Intelligence Searches & Downloads | 300 / month | 1k/month | 5k/month | 20k/month |
Retrohunt | 2 / month | 5 / month | 25 / month | 1k/month |
Livehunt YARA Rules | 25 | 25 | 100 | 20k |
Private graphs | add-on | add-on | add-on | Included |
Threat Hunter Pro (Extended Advanced Search, Retrohunt and Content Search to 12 months) | 90 day retrospective, more as an add-on | 90 day retrospective, more as an add-on | Max. retrospection included | Max. retrospection included |
VT Insight (Collection & Threat Actor) | Not Included | Not Included | Included | Included |
Support | Standard | Standard | Standard | Priority (VIP Program) |
* Added in April 2023: The Enterprise Bundle has been renamed to the Professional Plus Bundle.
An example of customization
VirusTotal Enterprise allows customization of bundles. For example, you can add the following VirusTotal additional functions (Feed/AddOn), or raise the limits for functions with usage limits such as YARA rules and the API.
VT Feed
– File Feed
– URL Feed
– Domain Feed
– IP Address Feed
– Sandbox Feed
VT AddOn
– Threat Hunter PRO
– Private Graphs (5 graphs | 25 graphs | 100 graphs)
– Private Scan (S: 1k file/month | M: 10k file/month | L: 100k/month)
– VT Alerts
[Example of customization]
- Planning to use the Basic bundle, but the Intelligence Searches & Downloads limit of "300/month" alone is not enough, so the upper limit was raised.
- Planning to use the Professional bundle, and added Threat Hunter PRO (Premium version of VirusTotal Hunting) in order to collate historical data with Retrohunt going back up to the past year.
Try VirusTotal Enterprise
VirusTotal Enterprise is free to try for 14 days.
If you would like a trial version, please contact the manufacturer from the page below.
FREE TRIAL
https://www.virustotal.com/gui/contact-us/premium-services
* When applying, answer the required items and, along with the purpose of use, specify that you want a trial version.
How to contact
When contacting us about VirusTotal Enterprise, please let us know the following information about the licensee (this is the information required by the manufacturer to provide the product).
【Necessary matter】 |
* In addition, under the reseller agreement between Chronicle and our company, Tegara Corporation, VirusTotal Enterprise can be sold only through "direct sales" from our company to end users ("resale" via third parties such as trading companies is not permitted under the contract). We kindly ask for your understanding.