VirusTotal IoC collections, what next?

JavaScript isn't enabled in your browser, so this file can't be opened. Enable and reload.

Help us shape the evolution of IoC collections in VirusTotal, your feedback will be input to prioritize incremental features added to this capability.

Learn more about IoC collections at:
https://blog.virustotal.com/2021/11/introducing-virustotal-collections.html

Which statement best describes the newly released IoC collections functionality? *

This should become the de-facto standard to share sets of IoCs on blog articles, research reports and the like.

VirusTotal really needed this, I will be using it regularly.

It is a move in the right direction, but it is missing a lot of functionality to make it truly useful.

I will be consuming IoC collections but I don't plan to create collections.

I have no use for it and I don't think it will help me in any way.

Other:

Select all features that would be interesting for you *

Add user-defined tags to IoC collections.

Add tags to IoCs contained in collections, e.g. CnC domain, payload download URL, etc.

Add custom verbose annotations to IoCs contained in collections.

Additional input fields to attribute the collection to a given threat actor.

Additional input fields to describe industries targeted by a given threat campaign.

Additional input fields to describe countries targeted by a given threat campaign.

Be able to draw flow diagrams with the IoCs contained in the collections.

Visualize timelines for the collections.

Calculate commonalities/property aggregations/patterns for the IoCs contained in collections.

A mechanism to easily consume collections data in my SIEM/SOAR/EDR/etc.

ACLs to share collections exclusively with a subset of VirusTotal users.

Functionality to vote on collections as a representation of accuracy/usefulness/relevancy.

Gamified (community reputation) experience to encourage users to create collections.

Other kinds of IoCs: file names, registry keys, process names, .NET GUIDs, etc.

Other:

Required

Identify your TOP1 ask from the feature list *

On a scale of 1 to 5, how important is it for you to have ACL controls to share collections exclusively with a subset of VirusTotal users. *

Not interesting

I will not use it without ACL controls

On a scale of 1 to 5, how important would it be for you to be able to subscribe to collections and ingest IoCs automatically in your security stack? *

Not interesting

Very important

On a scale of 1 to 5, how important is it for you to have threat actor information tied to collections? *

Not interesting

Very important

On a scale of 1 to 5, how important is it for you to have industry targeting information for collections? *

Not interesting

Very important

On a scale of 1 to 5, how important is it for you to be able to search over all the collections in the system? *

Not interesting

Very important

How can we make the concept of IoC collections more actionable in your environment?

We want to automatically create collections based on OSINT sources, can you suggest sources that should be integrated?

Do you have any ideas as to how could we curate IoC collection data?

Any other feature requests with respect to IoC collections?

Submit

Clear form

Never submit passwords through Google Forms.

This form was created inside of Google.com. Privacy & Terms

Forms