Retrieve historical events about your software collection

This endpoint returns historical information about your stored files, including creation, deletion, detections, and clean-ups.

The response is a dictionary with data, links, and meta properties.

Events will be listed in dictionary format with the following fields:

| Field Name | Description | Possible Values |
| --- | --- | --- |
| action | A keyword describing the action that the event is describing | CLEAN, COMMENT, DELETE, DETECTED, UPLOAD, RESOLVED |
| creator_id | Username. Who uploaded the file. | |
| details | A list of strings detailing current and previous engine verdicts. The string format is given below the table. | |
| level | Severity level for the event. | 0 (lowest) to 4 (highest) |
| monitor_key | The key of the monitor item. | |
| owner_id | The group that owns the monitor item. | |
| plaintext_description | A space-separated collection of keywords containing sha256, detecting engines, and file names. | Not always present |
| source | The action originating or triggering this event. | ANALYSIS, FILE, QUOTA |
| subject | If applicable, the SHA256 of the file. | |
| timestamp | Timestamp in the format YYYYMMDDTHH:mm:ss | |

Each details string is composed of four parts with a ':' separator:

engine
current | last
signature | update | version | malicious | visible
<value>

For example:
engine:current:update:20191016
engine:last:signature:<signature>

```json
{
  "data": [
    {
      "action": "CLEAN",
      "creator_id": "wcoyote",
      "details": [
        {
          "v": "engine:current:clean"
        }
      ],
      "level": "1",
      "monitor_key": "abcdcdcedef928492384==",
      "owner_id": "monitor_group_here",
      "plaintext_description": "",
      "source": "FILE",
      "subject": "sha256_here",
      "timestamp": "2019-12-31T23:58:58"
    },
    {
      "action": "DETECTED",
      "creator_id": "wcoyote",
      "details": [
        {
          "v": "engine:current:malicious:ENGINE_ONE"
        },
        {
          "v": "engine:current:malicious:ENGINE_TWO"
        }
      ],
      "level": "1",
      "monitor_key": "abcdcdcedef928492384==",
      "owner_id": "monitor_group_here",
      "plaintext_description": "ENGINE_ONE <sha256> <filename>",
      "source": "ANALYSIS",
      "subject": "sha256_here",
      "timestamp": "2019-12-31T23:58:58"
    }
  ],
  "links": {
    "next": "https://www.virustotal.com/api/v3/monitor/events?cursor=ABCDE123456%3D%3D",
    "self": "https://www.virustotal.com/api/v3/monitor/events"
  },
  "meta": {
    "cursor": "ABCDE123456==",
    "job_id": "foobar"
  }
}
```
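An added example, not part of the VirusTotal documentation: it parses an events page like the one above into a per-file list of detecting engines and picks out the next-page link. The sample page and its signature value are constructed, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample page, shaped like the response example in this document.
SAMPLE_PAGE = {
    "data": [
        {"action": "CLEAN", "subject": "sha256_a",
         "details": [{"v": "engine:current:clean"}]},
        {"action": "DETECTED", "subject": "sha256_b",
         "details": [{"v": "engine:current:malicious:ENGINE_ONE"},
                     {"v": "engine:current:malicious:ENGINE_TWO"},
                     "engine:last:signature:Constructed:Sig/Name"]},
    ],
    "links": {"next": "https://www.virustotal.com/api/v3/monitor/events?cursor=ABCDE123456%3D%3D"},
    "meta": {"cursor": "ABCDE123456==", "job_id": "foobar"},
}


def parse_detail(entry):
    """Return (engine, state, attribute, value) for one details entry."""
    # The field table describes strings; the example wraps each in {"v": ...}.
    raw = entry["v"] if isinstance(entry, dict) else entry
    parts = raw.split(":", 3)  # maxsplit keeps any ':' inside the value intact
    if len(parts) < 3 or parts[1] not in ("current", "last"):
        raise ValueError(f"unexpected details entry: {raw!r}")
    parts += [None] * (4 - len(parts))  # "engine:current:clean" has no value
    return tuple(parts)


def detections_by_subject(page):
    """Map each DETECTED subject to its current 'malicious' values, sorted."""
    hits = defaultdict(set)
    for event in page.get("data", []):
        if event.get("action") != "DETECTED":
            continue
        for entry in event.get("details", []):
            _, state, attribute, value = parse_detail(entry)
            if state == "current" and attribute == "malicious" and value:
                hits[event.get("subject")].add(value)
    return {subject: sorted(values) for subject, values in hits.items()}


def next_page_url(page):
    """URL of the next page of events, or None when this is the last page."""
    return page.get("links", {}).get("next")


if __name__ == "__main__":
    print(detections_by_subject(SAMPLE_PAGE))
    print(next_page_url(SAMPLE_PAGE))
```
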
Query Params
string

Continue returning results from this cursor on.

string

A space-separated list of key:value accepting: 'action', 'creator_id', 'level', 'monitor_key', 'owner_id', 'source', 'timestamp', where operator is optional among '+', '-', and '='

string

Along with cursor, the corresponding job to continue returning results from.

Headers
string
required

Your API key
