Outstanding
I had no idea VirusTotal has a free API. Thanks for sharing!
It's pretty much useless if you have a medium to high volume of IPs included in alerts/incidents. Rate limit is like 4 per minute.
BTW, Sentinel now has enrichment widgets for IP addresses, so no need to include a task for this.
If you still want to use Logic Apps, use the HTTP connector rather than the built-in VirusTotal one. This way you can check the status code of the call. If it returns 204 you can call another HTTP with a different API key. Somewhat ugly but could work to overcome rate limitations.
It is actually useless. True. @alexandervogtsanchez7522
Great video, just wondering... adding the tasks (via the automation rule) shouldn't have an effect on costs? It's only when they are Logic Apps? Is that right?
Thanks for the video. Do you require VirusTotal premium for the lookup from Sentinel to work?