The malicious file scanner API can identify ransomware, trojans, keyloggers, adware, rootkits, spyware and similar unwanted software. This API accepts a file and performs a live analysis in a sandbox to determine if it displays malware behaviors such as attempts to access hard drives, encrypt files and so on.
Once a file is detected as a threat, the file is quarantined and blocked from further access to the computer. This allows your security solution to detect new viruses and other malware before they have the chance to spread.
This API provides a simple REST interface that can scan files and documents for threats and return a list of results. It uses a combination of multiple antivirus engines and can even run in real-time.
Stay Ahead of the Threats: Leveraging a Malicious File Scanner API for Advanced Malware Detection
It supports a variety of different languages and formats, allowing for complex integrations. It also provides a range of other functionality such as multi-threat scanning, high-performance scanning capabilities and over 5 million virus and malware signatures with continuous cloud-based updates.
Wazuh FIM monitors files for changes and triggers an alert if any are added or modified. The VirusTotal integration receives the alert, extracts the file hash, and makes an HTTP POST call to the public VirusTotal API to compare the extracted hash against the VirusTotal database. If the hash is not found, the integration will return an error message. The error message will state that the quota for the public VirusTotal API request rate limit has been reached.
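The alert-to-lookup flow described above, as an added example (not Wazuh's or VirusTotal's own code): it extracts the SHA-256 from a constructed FIM alert and maps a hash-lookup response to a triage outcome, so that an unknown hash, a rate-limit response and a detection are handled separately. It assumes the VirusTotal API v3 file-report status codes and its `last_analysis_stats` field; the function names are hypothetical and no network call is made.

```python
import json

# Constructed Wazuh FIM alert; the digest is the SHA-256 of empty input.
SAMPLE_ALERT = json.dumps({
    "rule": {"id": "554", "description": "File added to the system."},
    "syscheck": {
        "path": "/tmp/sample.bin",
        "event": "added",
        "sha256_after": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
    },
})

def extract_hash(alert_json):
    """Return (path, sha256) from a FIM alert, or None if it has no valid hash."""
    syscheck = json.loads(alert_json).get("syscheck", {})
    digest = str(syscheck.get("sha256_after", "")).lower()
    if len(digest) != 64 or any(c not in "0123456789abcdef" for c in digest):
        return None
    return syscheck.get("path", ""), digest

def classify_lookup(status, body):
    """Map an HTTP status and parsed JSON body to a triage outcome (assumed v3 shapes)."""
    if status == 429:
        return "rate_limited"    # quota hit: retry later, says nothing about the file
    if status in (401, 403):
        return "auth_error"      # bad or unauthorized API key
    if status == 404:
        return "unknown_hash"    # never seen by the service: not a clean verdict
    if status != 200:
        return "error"
    stats = body.get("data", {}).get("attributes", {}).get("last_analysis_stats", {})
    return "malicious" if stats.get("malicious", 0) > 0 else "no_detections"

def triage(alert_json, status, body):
    """Combine both steps into one record suitable for a follow-up alert."""
    extracted = extract_hash(alert_json)
    if extracted is None:
        return {"outcome": "no_hash"}
    path, digest = extracted
    return {"path": path, "sha256": digest, "outcome": classify_lookup(status, body)}
```

Treating `unknown_hash` and `rate_limited` as distinct outcomes lets a responder queue the file for a retry or for sandbox analysis instead of reading either result as a clean verdict.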