Alerts Notifications

Information about Notifications for VT Alerts

VT Alerts notifications represent events that matched a watchlist; each notification contains all the information about its event.

A notification object has the following attributes:

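  • created: <string> The date when the notification was created, in the format YYYY-MM-DDThh:mm:ss.sss. The example responses below carry microsecond precision and a trailing Z (UTC), e.g. 2021-01-01T01:11:01.507935Z, so parsers should accept a variable number of fractional digits and the Z suffix.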
  • event_severity: <string> The severity of the notification. Can be info, low, medium, high.
  • use_case_category: <string> The use case category of the notification. One of: BRAND_IMPERSONATION, CORPORATE_INFRASTRUCTURE_ABUSE, PHISHING_COUNTERFEITING, POTENTIAL_FALSE_POSITIVE.
  • detection_category: <string> The detection category of the notification. One of: BRAND_MATCH, DETECTED_DOMAIN, DETECTED_IP, DETECTED_URL, DOMAIN_TYPOSQUATTING, FAVICON_REUSE, FILE_COMMUNICATING_WITH_DOMAIN, FILE_COMMUNICATING_WITH_IP, FILE_COMMUNICATING_WITH_URL, FILE_DOWNLOADED_FROM_DOMAIN, FILE_DOWNLOADED_FROM_IP, FILE_DOWNLOADED_FROM_URL, PATTERN_EMBEDDED_IN_FILE, SUBDOMAIN_ABUSE.
  • is_read: <boolean> A flag to set this notification as read.
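  • event_message_json: <dictionary> The full Event (see the Alerts Event object for documentation) that matched against the watchlist of the Asset. Values inside the event, such as the file names, URLs and engine signatures in the examples below, describe the observed artifact, so consumers should treat them as untrusted input when displaying or processing them.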
{
    "data": {
        "attributes": {
            "created": "<datetime>",
            "event_message_json": <Alerts Event dictionary>,
            "event_severity": "<string>",
            "is_read": <boolean>
        },
        "id": "<string>",
        "links": {
            "self": "https://www.virustotal.com/alerts/notifications/<id>"
        },
        "type": "alerting_notification"
    }
}
{
  "data": [
    {
      "attributes": {
        "created": "2021-01-01T01:11:01.507935Z",
        "event_severity": "medium",
        "use_case_category": "CORPORATE_INFRASTRUCTURE_ABUSE",
        "detection_category": "PATTERN_EMBEDDED_IN_FILE",
        "is_read": false,
        "event_message_json": {
          "timestamp": {
            "seconds": "1633420852",
            "nanos": 527137000 
          },
          "domain_sighting": {
            "domain": {
              "name": "www.virustotal.com"
            },
            "embedded_in_file": {
              "file_type": "pe_exe",
              "verdicts": [
                {
                  "engine": "myEngine",
                  "signature": "something.malicious-0"
                }
              ],
              "sha256": "123abc",
              "stats": {
                "harmless": 70,
                "malicious": 1
              },
              "names": [
                "filename.exe"
              ]
            }
          }
        }
      }
    }
  ]
}
{
  "data": [
    {     
      "attributes": {
        "created": "2021-10-05T08:28:27.220511Z",
        "event_severity": "medium",
        "use_case_category": "POTENTIAL_FALSE_POSITIVE",
        "detection_category": "DETECTED_URL",
        "is_read": false,
        "event_message_json": {
          "timestamp": {
            "seconds": "1633421223",
            "nanos": 950850000
          },
          "url_sighting": {
            "url": {
              "verdicts": [
                {
                  "engine": "myEngine",
                  "signature": "malicious" 
                }
              ],
              "identifier": "http://www.myurl.com",
              "stats": {
                "harmless": 80,
                "malicious": 1,
                "undetected": 9
              },
              "main_icon_dhash": "abc123"
            },
            "domain": {
              "name": "www.mydomain.com/test" 
            } 
          } 
        }
      },
      "type": "alerting_notification",
      "id": "acb",
      "links": {
        "self": "https://www.virustotal.com/api/v3/alerts/notifications/abc" 
      }
    }
  ]
}