Wednesday, Jul 1st, 2026

VirusTotal Integration: Triage IOCs Faster in Feedly

15-second summary

A request for intelligence comes in, asking whether your organization is exposed to the threat actor behind the breaches in this week’s headlines. You confirm the group and its aliases and pull the IOCs tied to it. A couple of hours later you have hundreds of indicators and no clear sense of which ones matter.

Feedly Threat Intelligence now pulls VirusTotal enrichment directly into your research workflow, alongside the open-source intelligence (OSINT) you already get. In a single view you can:

  • Prioritize. Sort indicators by how often each is referenced across intelligence reports, so the ones that matter surface first.
  • Validate. Decide whether an indicator is malicious without leaving the card. VirusTotal verdicts, detections, and community notes sit beside Feedly’s OSINT.
  • Act. Export the indicators that meet your TIP or SIEM requirements as STIX 2.1, CSV, or MISP.

Research to validation to export, in minutes.

Here is a demo of how the integration works.

Hundreds of indicators, each needing a separate VirusTotal lookup

You need an answer fast, and there is no feed built for this actor yet. So you start digging: retroactive searches, filtered by time to cut out decayed indicators, pulling every piece of infrastructure, file hash, and campaign tie you can find. A few hours later, the list runs to hundreds of IOCs, and nothing in it tells you where to begin.

Then the real work begins. You cross-reference mention frequency across reports, then jump to VirusTotal to check detections, reputation, and community notes for each indicator. You are working across two tools and reconciling them by hand, once for every indicator on the shortlist.

The tax is small on any single indicator. It compounds across the queue.

I don’t care what APT29 did three days after they did it. I need to know what’s going on with an emerging event immediately, because that’s what leadership’s always asking.

CTI analyst, global investment firm

VirusTotal enrichment now lives inside your Insights Cards

What if the IOC context you reach for in VirusTotal already lived in Feedly?

Insights Cards now combine Feedly’s OSINT with your VirusTotal data in a single view. If you already have a VirusTotal license, you can connect it from your account settings in a few minutes. From then on, every indicator you investigate carries both layers automatically.

On the OSINT side, Feedly aggregates over 10,000 CTI sources and cross-references every indicator against MISP warning lists using NLP models fine-tuned on manually annotated data, so only genuinely malicious indicators surface. On the VirusTotal side, you get scan verdicts, detection counts, reputation scores, last analysis dates, network attribution, and community votes.

Together they answer the two questions that decide every triage call: who is behind this, and is it dangerous right now?

Prioritize: sort IOCs by how often they appear in reporting

Say you are researching ShinyHunters’ latest infrastructure. Open the group’s Threat Actor Insights Card and you get every IOC tied to them. Sort by mention frequency across intelligence reports, and the indicators cited most often rise to the top.

That corroboration signal does the first cut for you. Out of hundreds of indicators, you get a prioritized place to start, before you have opened a single card.

Validate: decide if it’s malicious without leaving the card

Once you know which IOCs to investigate, the IOC Insights Card brings together everything you need to make the call. The OSINT layer covers associated malware families, linked cyberattacks, and the other threat actors tied to the indicator. The VirusTotal layer adds the detection picture: verdicts, reputation scores, scan statistics, network attribution, WHOIS, certificate data, and community votes.

Feedly’s AI investments to this point have been very smart and very thoughtful. The trust is there. There’s just a level of confidence there versus some of our other products in our tech stack.

CTI analyst, global financial services firm

Act: export to your TIP

Triaged and validated, your indicators are ready to leave Feedly. Export the full IOC list, or individual indicators straight from the Insights Card, as STIX 2.1, CSV, or MISP. There is no extra cleanup round before ingestion. The indicators land in your TIP, SIEM, or network controls ready to act on.
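The prioritize, validate, and export steps above can be sketched offline. This is an added example, not Feedly's or VirusTotal's code or API: the record fields (`mentions`, `malicious`, `total`), the 10% detection threshold, and every sample value are constructed for illustration.

```python
import json
import uuid
from datetime import datetime, timezone

# Constructed sample indicators (reserved documentation ranges, hypothetical fields).
IOCS = [
    {"type": "domain", "value": "login-portal.example", "mentions": 14, "malicious": 31, "total": 90},
    {"type": "ipv4", "value": "198.51.100.23", "mentions": 9, "malicious": 0, "total": 88},
    {"type": "ipv4", "value": "203.0.113.77", "mentions": 2, "malicious": 12, "total": 89},
    {"type": "sha256", "value": "ab" * 32, "mentions": 6, "malicious": 48, "total": 70},
]

# STIX 2.1 pattern templates for the three observable types used here.
PATTERNS = {
    "domain": "[domain-name:value = '{}']",
    "ipv4": "[ipv4-addr:value = '{}']",
    "sha256": "[file:hashes.'SHA-256' = '{}']",
}

def prioritize(iocs):
    """Most-cited indicators first; detection count breaks ties."""
    return sorted(iocs, key=lambda i: (-i["mentions"], -i["malicious"]))

def validate(iocs, min_ratio=0.1):
    """Keep indicators whose share of malicious verdicts meets the threshold."""
    return [i for i in iocs if i["total"] and i["malicious"] / i["total"] >= min_ratio]

def to_stix_bundle(iocs, now=None):
    """Wrap each indicator in a STIX 2.1 Indicator object inside a bundle."""
    ts = (now or datetime.now(timezone.utc)).strftime("%Y-%m-%dT%H:%M:%S.000Z")
    objects = [{
        "type": "indicator", "spec_version": "2.1",
        "id": f"indicator--{uuid.uuid4()}",
        "created": ts, "modified": ts, "valid_from": ts,
        "pattern_type": "stix",
        "pattern": PATTERNS[i["type"]].format(i["value"]),
        "description": f"{i['mentions']} report mentions; "
                       f"{i['malicious']}/{i['total']} engines flagged",
    } for i in iocs]
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": objects}

def triage(iocs, min_ratio=0.1):
    """Rank by corroboration, drop unconfirmed indicators, export the rest."""
    return to_stix_bundle(validate(prioritize(iocs), min_ratio))

if __name__ == "__main__":
    print(json.dumps(triage(IOCS), indent=2))
```

In the sample, the second most-cited indicator has no detections and is dropped at the validate step, which is why mention frequency sets the order of review but does not by itself decide what gets exported.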

Speed only goes so far if you’re not delivering it to people in a flexible way, according to the platform they’re already on. Just the ability to push it all to wherever they need it, in a fast, light way, is paramount.

CTI analyst, global investment firm

Open any indicator in VirusTotal in one click

When you need VirusTotal’s full dataset, one click opens the indicator in VirusTotal from the Insights Card. It is also how your team traces the enrichment back to its source, so the context is something you can stand behind when someone pushes on it.

The way in which things are being verified, the ability to verify, the traceback, everything else, very important.

CTI analyst, global asset management firm

Set it up in minutes with your existing license

Connecting VirusTotal to Feedly does not require a professional services engagement or any backend configuration. You bring your existing VirusTotal license, connect it in your account settings, and enrichment surfaces across your IOC Insights Cards from that point on.

See our setup guide for the details.

Your VirusTotal data stays yours

The VirusTotal data you bring into Feedly belongs to your investigation, not to the platform. It is visible only to your account, never stored by Feedly, and never shared with other users, including others in your own organization.

Start your free trial

Feedly helps CTI teams discover emerging threats, contextualize what matters, and deliver tailored intelligence in minutes. The VirusTotal integration brings detection verdicts and reputation alongside your OSINT, so you can confirm what’s malicious and deliver it ready to act on.
