17 September 21, 07:21
Quote:
360-degrees insights into your assets
Many VirusTotal users deploy rules to monitor that their assets, including domains, IP ranges and intellectual property, are not being abused by any attacker.
Today we are proud to introduce VT Alerts, a solution designed to help detect any abuse in (almost) real time.
Before going into more details, we invite you to join us next September 28th at 17:00 CEST for our VT Alerts webinar if you want to know everything about it.
What is VT Alerts?
VT Alerts is designed to provide a feed-like experience providing different severity notifications on anything we detected in VirusTotal that matches your infrastructure and intellectual property. It offers you an easy way to create watchlists where you can include all the network-related assets of your company, as well as terms related to your brands and intellectual property.
VT Alerts will take it from here, automatically monitoring anything new we detect in VirusTotal matching these criteria and providing you with alerts on anything suspicious we find in the VirusTotal ecosystem.
Watchlists and notifications
We have designed three types of watchlists: Domains, IPs and Brand. Here is how it works.
For networking infrastructure there are two types of watchlists. The first one is for Domains and basically expects a list of, well, domains, and the second is for IP Ranges belonging to your infrastructure that you want to monitor. Once this is defined, alerts are created when any of the following criteria are met:
- Any URL under any domain or subdomain in the Domains watchlist is detected as malicious in VirusTotal.
- Any malicious file contacts a URL under any domain or subdomain in the Domains watchlist.
- A malicious file is downloaded from a URL under any domain or subdomain in the Domains watchlist.
- We detected any URLs or domains reusing any domain or subdomain in the Domains watchlist.
- We find any Domain or IP in the content of any malicious file.
- Domain typosquatting notifications.
Brand protection works a bit differently, as here you can provide any terms related to your business, brands and intellectual property. We will search for these terms in any suspicious network infrastructure and communication to detect abuses.
For example, we will search for any link including any of the keywords from your list of terms to monitor, which is a very usual tactic used by attackers in phishing campaigns. We will also check if any of the terms are found in any website we analyse, flagging potential abuse by third parties. These terms could be any strings that are characteristic of your brand or that are candidates to be reused by attackers, for example, in phishing websites cloning yours. In addition to these strings, we will need your domains (allow-list) so we make sure every time we find something suspicious it does not belong to you.
Alright, now everything is set and ready in your Brand watchlist. VT Alerts will let you know when:
- Any domain outside your infrastructure reuses any of your favicons.
- Any URL outside of your infrastructure uses any of the strings you defined.
And that would be it. Next: let’s learn more about the Alerts.
...