Retrieve file objects for Livehunt notifications

❗️

Important

Hunting notification files are no longer shown in the web interface. Use the /api/v3/ioc_stream endpoint instead to retrieve objects from IoC-Stream notifications.

Each file object returned has, in addition to all the file details, a context_attributes property containing information about the VT Hunting Livehunt notification tied to the file. For example:

"context_attributes": {
  "match_in_subfile": false,
  "notification_date": 1543301214,
  "notification_id": "961092289288866-4582222113734656-3c7f77cc43338e14824c111671beef30",
  "notification_snippet": "00 61 64 64 41 75 64 69 6F [...]",
  "notification_source_key": "b3190c38",
  "notification_tags": [
    "bozok",
    "rats",
    "a2d2906f7ad5265165c25baed76d342b48b8bc5f4d9db6004e9e6dd72eaea4e1"
  ],
  "ruleset_id": "5706526672224256",
  "ruleset_name": "rats",
  "rule_name": "Bozok",
  "rule_tags": []
}

In addition, the filter parameter lets you filter the matching files according to the VT Hunting Livehunt notification properties. You can filter by the name of the matching rule, match date, rule namespace, ruleset or file hash. Note, however, that this only works with the exact keyword, not substrings of it.

For more information, see the user's hunting_notification_files relationship.
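The following added example (not VirusTotal's own code) shows how a response page could be reduced to triage records using the context_attributes fields shown above. The "data"/"meta" envelope, the "id" field and the SAMPLE-FILE identifiers are assumptions constructed for illustration; the helper names are hypothetical.

```python
import json
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample response. The top-level "data"/"meta" envelope and the
# "id" field are assumptions; context_attributes follows the example above.
SAMPLE_RESPONSE = json.dumps({
    "data": [
        {"type": "file", "id": "SAMPLE-FILE-1", "context_attributes": {
            "match_in_subfile": False, "notification_date": 1543301214,
            "notification_tags": ["bozok", "rats"],
            "ruleset_name": "rats", "rule_name": "Bozok"}},
        {"type": "file", "id": "SAMPLE-FILE-2", "context_attributes": {
            "match_in_subfile": True, "notification_date": 1543301300,
            "notification_tags": ["bozok_variant", "rats"],
            "ruleset_name": "rats", "rule_name": "BozokVariant"}},
        {"type": "file", "id": "SAMPLE-FILE-3"},  # no Livehunt context
    ],
    "meta": {"count": 3},
})

def parse_notifications(body):
    """Flatten each file object's context_attributes into a triage record."""
    records = []
    for obj in json.loads(body).get("data", []):
        ctx = obj.get("context_attributes")
        if not ctx:  # object not tied to a notification: skip, don't crash
            continue
        when = datetime.fromtimestamp(ctx["notification_date"], tz=timezone.utc)
        records.append({
            "file": obj.get("id"),
            "rule": f'{ctx.get("ruleset_name")}/{ctx.get("rule_name")}',
            "notified_utc": when.isoformat(),  # epoch seconds -> ISO 8601 UTC
            "in_subfile": bool(ctx.get("match_in_subfile")),
            "tags": list(ctx.get("notification_tags", [])),
        })
    return records

def with_tag(records, keyword):
    """Client-side exact-keyword match on tags (no substring matching)."""
    return [r for r in records if keyword in r["tags"]]

def by_rule(records):
    """Group file identifiers by ruleset/rule for per-rule review."""
    groups = defaultdict(list)
    for r in records:
        groups[r["rule"]].append(r["file"])
    return dict(groups)
```
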

Query Params

string (defaults to 10): Maximum number of notifications to retrieve

string: Continuation cursor

string: String to search with in the hunting notification tags

int32 (defaults to 200): Maximum number of notifications counted (meta.count in the response), 10,000 max

Headers

string (required): Your API key
