Jump to Content
Home
Guides
API Reference
v2.0
v3.0
API Reference
v3.0
Home
Guides
API Reference
Users
Search
All
Pages
Start typing to search…
JUMP TO
Introduction
VirusTotal API v3 Overview
Public vs Premium API
Technology Integrations
Getting started
Authentication
API responses
Errors
Key concepts
Objects
Collections
Relationships
Legend
API v2 to v3 Migration Guide
IOC REPUTATION & ENRICHMENT
IP addresses
Get an IP address report
get
Request an IP address rescan (re-analyze)
post
Get comments on an IP address
get
Add a comment to an IP address
post
Get objects related to an IP address
get
Get object descriptors related to an IP address
get
Get votes on an IP address
get
Add a vote to an IP address
post
Domains & Resolutions
Get a domain report
get
Request an domain rescan (re-analyze)
post
Get comments on a domain
get
Add a comment to a domain
post
Get objects related to a domain
get
Get object descriptors related to a domain
get
Get a DNS resolution object
get
Get votes on a domain
get
Add a vote to a domain
post
Files
Upload a file
post
Get a URL for uploading large files
get
Get a file report
get
Request a file rescan (re-analyze)
post
Get a file’s download URL
get
Download a file
get
Get comments on a file
get
Add a comment to a file
post
Get objects related to a file
get
Get object descriptors related to a file
get
Get a crowdsourced Sigma rule object
get
Get a crowdsourced YARA ruleset
get
Get votes on a file
get
Add a vote on a file
post
File Behaviours
Get a summary of all behavior reports for a file
get
Get a summary of all MITRE ATT&CK techniques observed in a file
get
Get all behavior reports for a file
get
Get a file behavior report from a sandbox
get
Get objects related to a behaviour report
get
Get object descriptors related to a behaviour report
get
Get a detailed HTML behaviour report
get
Get the EVTX file generated during a file’s behavior analysis
get
Get the PCAP file generated during a file’s behavior analysis
get
Get the memdump file generated during a file’s behavior analysis
get
URLs
Scan URL
post
Get a URL report
get
Request a URL rescan (re-analyze)
post
Get comments on a URL
get
Add a comment on a URL
post
Get objects related to a URL
get
Get object descriptors related to a URL
get
Get votes on a URL
get
Add a vote on a URL
post
Comments
Get latest comments
get
Get a comment object
get
Delete a comment
del
Get objects related to a comment
get
Get object descriptors related to a comment
get
Add a vote to a comment
post
Analyses, Submissions & Operations
Get a URL / file analysis
get
Get objects related to an analysis
get
Get object descriptors related to an analysis
get
Get a submission object
get
Get an operation object
get
Attack Tactics
Get an attack tactic object
get
Get objects related to an attack tactic
get
Get object descriptors related to an attack tactic
get
Attack Techniques
Get an attack technique object
get
Get objects related to an attack technique
get
Get object descriptors related to an attack technique
get
Popular Threat Categories
Get a list of popular threat categories
get
Code Insights
Analyse code blocks with Code Insights
post
Saved Searches
List Saved Searches
get
Get a Saved Search
get
Create a Saved Search
post
Share a Saved Search
post
Update a Saved Search
patch
Delete a Saved Search
del
Revoke access to a Saved Search
del
Get object descriptors related to a Saved Search
get
Get objects related to a Saved Search
get
VT Enterprise
Search & Metadata
Search for files, URLs, domains, IPs and comments
get
Advanced corpus search
get
Get file content search snippets
get
Get VirusTotal metadata
get
Collections
Create a new collection
post
Get a collection
get
Update a collection
patch
Delete a collection
del
Get comments on a collection
get
Add a comment to a collection
post
Get objects related to a collection
get
Get object descriptors related to a collection
get
Add new items to a collection
post
Delete items from a collection
del
🔒 List collections
get
🔒 Export IOCs from a collection
get
🔒 Export IOCs from a given collection's relationship
get
🔒 Export aggregations from a collection
get
🔒 Search IoCs inside a collection
get
Zipping files
Create a password-protected ZIP with VirusTotal files
post
Check a ZIP file’s status
get
Get a ZIP file’s download URL
get
Download a ZIP file
get
VT Hunting
YARA Rules
List Crowdsourced YARA Rules
get
Get a Crowdsourced YARA rule
get
Get objects related to a Crowdsourced YARA rule
get
Get objects descriptors related to a Crowdsourced YARA rule
get
IoC Stream
Get objects from the IoC Stream
get
Delete notifications from the IoC Stream
del
Get an IoC Stream notification
get
Delete an IoC Stream notification
del
🔒 Livehunt
Get Livehunt rulesets
get
Create a new Livehunt ruleset
post
Remove all Livehunt rulesets
del
Get a Livehunt ruleset
get
Update a Livehunt ruleset
patch
Check if a user or group is a Livehunt ruleset editor
get
Revoke Livehunt ruleset edit permission from a user or group
del
Delete a Livehunt ruleset
del
Get objects related to a Livehunt ruleset
get
Get object descriptors related to a Livehunt ruleset
get
Grant Livehunt ruleset edit permissions for a user or group
post
Transfer Livehunt ruleset to another user
post
Get Livehunt notifications
get
Delete Livehunt notifications
del
Get a Livehunt notification object
get
Delete a Livehunt notification
del
Retrieve file objects for Livehunt notifications
get
🔒 Retrohunt
Get a list of Retrohunt jobs
get
Create a new Retrohunt job
post
Get a Retrohunt job object
get
Delete a Retrohunt job
del
Abort a Retrohunt job
post
Retrieve matches for a Retrohunt job
get
VT GRAPH
VT Graphs
Search graphs
get
Create a graph
post
Get a graph object
get
Update a graph object
patch
Delete a graph
del
Get comments on a graph
get
Add a comment to a graph
post
Get objects related to a graph
get
Get object descriptors related to a graph
get
VT Graphs Permissions & ACL
Get users and groups that can view a graph
get
Grant users and groups permission to see a graph
post
Check if a user or group can view a graph
get
Revoke view permission from a user or group
del
Get users and groups that can edit a graph
get
Grant users and groups permission to edit a graph
post
Check if a user or group can edit a graph
get
Revoke edit graph permissions from a user or group
del
VT Private Scanning
🔒 Files
Upload a file
post
List private files
get
Get a URL for uploading large files
get
Rescan a private file
post
Get a private file report
get
Delete a private file report
del
Get objects related to a private file
get
Get object descriptors related to a file
get
🔒 Analyses
List private analyses
get
Get a private analysis
get
Get objects related to a private analysis
get
Get object descriptors related to a private analysis
get
🔒 File Behaviours
Get a behaviour report from a private file
get
Get the behaviour reports from a private file
get
Get objects related to a private file's behaviour report
get
Get object descriptors related to a private file's behaviour report
get
Get a summary of all behavior reports for a file
get
Get a summary of all MITRE ATT&CK techniques observed in a file
get
Get a detailed HTML behaviour report
get
Get the EVTX file generated during a private file’s behavior analysis
get
Get the PCAP file generated during a private file’s behavior analysis
get
Get the memdump file generated during a private file’s behavior analysis
get
🔒 URLs
Private Scan URL
post
Get a URL analysis report
get
Get objects related to a private URL
get
Get object descriptors related to a private URL
get
Zipping private files
Create a password-protected ZIP with VirusTotal private files
post
Check a ZIP file’s status
get
Get a ZIP file’s download URL
get
Download a ZIP file
get
VT FeedS
🔒 File intelligence feed
Get a per-minute file feed batch
get
Get a hourly file feed batch
get
Download a file published in the file feed
get
🔒 Sandbox analyses feed
Get a per-minute file behaviour feed batch
get
Get an hourly file behaviour feed batch
get
Get the EVTX file generated during a file’s behavior analysis
get
Get the memdump file generated during a file’s behavior analysis
get
Get the PCAP file generated during a file’s behavior analysis
get
Get a file behaviour's detailed HTML report
get
🔒 Domain intelligence feed
Get a minutely domain feed batch
get
Get an hourly domain feed batch
get
🔒 IP intelligence feed
Get a minutely IP address feed batch
get
Get an hourly IP address feed batch
get
🔒 URL intelligence feed
Get a minutely URL feed batch
get
Get an hourly URL feed batch
get
VT ENTERPRISE ADMINISTRATION
User management
Get a user object
get
Update a user object
patch
Delete a user
del
Get objects related to a user
get
Get object descriptors related to a user
get
Group management
Get a group object
get
Update a group object
patch
Get administrators for a group
get
Grant group admin permissions to a list of users
post
Check if a user is a group admin
get
Revoke group admin permissions from a user
del
Get group users
get
Check if a user is a group member
get
Remove a user from a group
del
Add users to a group
post
Get objects related to a group
get
Get object descriptors related to a group
get
Quota management
Get a user’s API usage
get
Get a group’s API usage
get
Service Account Management
Create a new Service Account
post
Get Service Accounts of a group
get
Get a Service Account object
get
Audit Log
Get Activity Logs
get
VT Augment
Overview
Rendering
Get a widget rendering URL
get
Retrieve the widget's HTML content
get
Theming
API Objects
Activity Log
Analyses
🔀 item
Attack Tactics
🔀 attack_techniques
Attack Techniques
🔀 attack_tactics
🔀 parent_technique
🔀 revoking_technique
🔀 subtechniques
🔀🔒 threat_actors
Collections
🔀 autogenerated_graphs
🔀 comments
🔀 domains
🔀 files
🔀 ip_addresses
🔀 owner
🔀 references
🔀🔒 related_collections
🔀🔒 related_references
🔀🔒 threat_actors
🔀 urls
Comments
🔀 author
Domains
🔀🔒 caa_records
🔀🔒 cname_records
🔀 collections
🔀 comments
🔀 communicating_files
🔀🔒 downloaded_files
🔀 graphs
🔀 historical_ssl_certificates
🔀 historical_whois
🔀 immediate_parent
🔀🔒 mx_records
🔀🔒 ns_records
🔀 parent
🔀 referrer_files
🔀 related_comments
🔀🔒 related_references
🔀🔒 related_threat_actors
🔀 resolutions
🔀 siblings
🔀🔒 soa_records
🔀 subdomains
🔀🔒 urls
🔀🧑💻 user_votes
🔀 votes
Files
androguard
asf_info
authentihash
bundle_info
class_info
crowdsourced_ids_results
crowdsourced_ids_stats
crowdsourced_yara_results
deb_info
detectiteasy
dmg_info
dot_net_assembly
dot_net_guids
elf_info
🔒 exiftool
html_info
image_code_injections
ipa_info
isoimage_info
jar_info
javascript_info
known_distributors
lnk_info
macho_info
magic
🔒 malware_config
monitor_info
nsrl_info
🔒 office_info
🔒 openxml_info
packers
password_info
pdf_info
pe_info
popular_threat_classification
powershell_info
rombios_info
🔒 rtf_info
sandbox_verdicts
sigma_analysis_results
sigma_analysis_stats
signature_info
snort
suricata
ssdeep
swf_info
telfhash
tlsh
traffic_inspection
trid
vba_info
wireshark
🔀🔒 analyses
🔀 behaviours
🔀 bundled_files
🔀🔒 carbonblack_children
🔀🔒 carbonblack_parents
🔀 collections
🔀 comments
🔀🔒 compressed_parents
🔀 contacted_domains
🔀 contacted_ips
🔀 contacted_urls
🔀 dropped_files
🔀🔒 email_attachments
🔀🔒 email_parents
🔀🔒 embedded_domains
🔀🔒 embedded_ips
🔀🔒 embedded_urls
🔀 execution_parents
🔀 graphs
🔀🔒 itw_domains
🔀🔒 itw_ips
🔀🔒 itw_urls
🔀🔒 overlay_children
🔀🔒 overlay_parents
🔀🔒 pcap_children
🔀🔒 pcap_parents
🔀 pe_resource_children
🔀 pe_resource_parents
🔀🔒 related_references
🔀🔒 related_threat_actors
🔀🔒 screenshots
🔀 sigma_analysis
🔀🔒 similar_files
🔀🔒 submissions
🔀🔒 urls_for_embedded_js
🔀🧑💻 user_votes
🔀 votes
🔀 memory_pattern_domains
🔀 memory_pattern_ips
🔀 memory_pattern_urls
Files Behaviour
dns_lookups
files_copied
files_dropped
http_conversations
ip_traffic
permissions_checked
processes_tree
sms_sent
tags
verdicts
🔀 file
🔀 attack_techniques
Graphs
🔀 comments
🔀 editors
🔀 group
🔀 items
🔀 owner
🔀 viewers
Groups
🔀🧑💻 administrators
🔀🧑💻 graphs
🔀🧑💻 users
Hunting Notifications
Hunting Rulesets
🔀 🧑💻owner
🔀🧑💻 editors
🔀🧑💻 viewers
🔀🧑💻 hunting_notification_files
IoC-Stream Notifications
IP addresses
🔀 collections
🔀 comments
🔀 communicating_files
🔀🔒 downloaded_files
🔀 graphs
🔀 historical_ssl_certificates
🔀 historical_whois
🔀 related_comments
🔀🔒 related_references
🔀🔒 related_threat_actors
🔀 referrer_files
🔀 resolutions
🔀🔒 urls
🔀🧑💻 user_votes
🔀 votes
Operations
🔒 Private Analyses
🔀 item
🔀 submitter
🔒 Private Files
🔀 behaviours
🔀 dropped_files
🔀 execution_parents
🔀 embedded_urls
🔀 embedded_domains
🔀 embedded_ips
🔒 Private Files Behaviours
🔀 attack_techniques
🔀 file
🔒 Private URLs
🔒 Private URLs Behaviours
Resolutions
Retrohunt Jobs
🔀🧑💻 matching_files
🔀🧑💻 owner
Screenshots
Sigma Analyses
🔀 rules
Sigma Rules
SSL Certificate
Submissions
URLs
🔀🔒 analyses
🔀 collections
🔀 comments
🔀🔒 communicating_files
🔀🔒 contacted_domains
🔀🔒 contacted_ips
🔀🔒 downloaded_files
🔀🔒 embedded_js_files
🔀 graphs
🔀 last_serving_ip_address
🔀 network_location
🔀🔒 redirecting_urls
🔀🔒 redirects_to
🔀🔒 referrer_files
🔀🔒 referrer_urls
🔀 related_comments
🔀🔒 related_references
🔀🔒 related_threat_actors
🔀🔒 submissions
🔀🧑💻 user_votes
🔀 votes
🔀🔒 urls_related_by_tracker_id
Users
🔀🧑💻 api_quota_group
🔀 collections
🔀 comments
🔀 graphs
🔀🧑💻 groups
🔀🧑💻 hunting_rulesets
🔀🧑💻 hunting_notifications
🔀🧑💻 hunting_notification_files
🔀🧑💻 intelligence_quota_group
🔀 mentions
🔀🧑💻 retrohunt_jobs
🔀 votes
Saved Searches
Service Accounts
🔀🧑💻 api_quota_group
🔀 comments
🔀🧑💻 groups
🔀🧑💻 intelligence_quota_group
🔀 mentions
Votes
Whois
YARA Rules
YARA Rulesets
VT Monitor
Software Publishers
Monitor Items
Get a list of MonitorItem objects by path or tag
get
Upload a file or create a new folder
post
Get a URL for uploading files larger than 32MB
get
Get attributes and metadata for a specific MonitorItem
get
Delete a VirusTotal Monitor file or folder
del
Configure a given VirusTotal Monitor item (file or folder)
patch
Download a file in VirusTotal Monitor
get
Get a URL for downloading a file in VirusTotal Monitor
get
Get the latest file analyses
get
Get user owning the MonitorItem object
get
Retrieve partner's comments on a file
get
Retrieve statistics about analyses performed on your software collection
get
Retrieve historical events about your software collection
get
Antivirus Partners
Get a list of MonitorHashes detected by an engine
get
Get a list of analyses for a file
get
Get a list of items with a given sha256 hash
get
Create a comment over a hash
post
Get comments on a sha256 hash
get
Add a comment on a sha256 hash
patch
Remove a comment detection for a hash.
del
Download a file with a given sha256 hash
get
Retrieve a download url for a file with a given sha256 hash
get
Download a daily detection bundle directly
get
Get a daily detection bundle download URL
get
Get a list of MonitorHashes detected by an engine
get
Users
Information about a VirusTotal user
