VT Intelligence Cheat Sheet

Many of you asked for this, and today we are happy to announce the release of our VTI Cheat Sheet with hints and examples on the most useful VT Intelligence queries and modifiers. Instead of providing a list of already documented search modifiers, we created something more specific and close to the real life cases, such as searching for files signed with leaked Nvidia certificates or recent samples from collections attributed to CozyBear.

You can find the PDF version of the Cheat Sheet here. In this post we are providing some of the clickable examples with additional explanations.

Entities

One of the basics of VT Intelligence is using the “entity” search keyword to directly specify the type of output you want to get. There are specific modifiers for every entity, here you can find direct links to documentation for file, URL, IP and Domain (Collection will be available soon, stay tuned). Here there are quick examples for each of them:

entity:ip asn:”15169″ communicating_files_max_detections:30+

entity:domain downloaded_files_max_detections:20+

entity:url p:3+ have:tracker

entity:file tag:signed p:10+

This article has been indexed from VirusTotal Blog