Skip to content

Connecting to VirusTotal#

First Steps with VirusTotal#

Set up an account with VirusTotal.


There is a free version and a paid version.

Rate Limits

With the free version the API is rate limited.

How to Connect DataDistillr to VirusTotal#

To set up a data source connection for VirusTotal, you will need to have:

  • A unique name for your data source connection to be used in queries.
  • The API Key generated by VirusTotal.

Data Source Form#

To locate the VirusTotal form, follow the steps in Connecting Your Data to DataDistillr. When you get to the window to choose the data source type, select API as shown below.

Select API from the available choices

On the API screen, select VirusTotal from list of API forms as shown in the image below.

Select VirusTotal API from available choices

The following form will appear. Instructions can be found below on how to find the information required to fill each field on the VirusTotal API form.

Once you have filled out all the fields, press the green 'Save' button, and your API will be connected!

VirusTotal Form


Enter any name that will help you recognize this data source from within your query window.

Acceptable characters include

  • lowercase alphanumeric characters
  • underscores

API Key#

From your VirusTotal home page, open the menu in the to right hand corner and click on "API Keys" tab in the menu Sign in

Highlight and copy your API Key Copy API Key


The table below shows a list of endpoints available to connect to within the DataDistillr application. If you need to connect to any endpoints not listed in the table below, please use the Custom API Form.

Endpoint URL Params Optional Params Description
collections collection
relationships Get an object from a collection

The endpoint above will display as follows in the nav tree once your API has successfully connected.

VirusTotal Endpoints

Sample Queries#

The following queries are intended to help you get started, and make life simpler querying within your API.

For the following examples, suppose that my VirusTotal data source was called myvirustotalapi and I want to query an endpoint. The endpoint goes after the VirusTotal data source name:

FROM Clause

FROM `myvirustotalapi`.`<ENDPOINT>`

Get Collection Endpoint#

Get an object from a collection.

FROM `myvirustotalapi`.`collections`
WHERE collection = '<COLLECTION_NAME>'
  AND objectId = '<OBJECT_ID>' LIMIT 1000