Setting up a VirusTotal Connection
Privilege Manager can perform real-time reputation checks for any unknown applications by integrating with analysis tools like VirusTotal. This article shows how to set up the integration between Privilege Manager and VirusTotal and then create a monitoring policy in Privilege Manager for reputation checking.
VirusTotal API Key
As a first step the VirusTotal Ratings Provider has to be configured. For this,
- Sign up for a Free VirusTotal account at https://www.virustotal.com/.
- Sign in to VirusTotal and find your API key under your Username | Settings | API Key.
Install VirusTotal
As a second step VirusTotal needs to be installed in Privilege Manager.
You need outbound access on your server for that installation.
-
Open a browser on your Privilege Manager Web Server.
-
Browse to https://YourInstanceName/TMS/Setup/.
-
On the Currently Installed Products screen, choose Install/Upgrade Products.
-
Check the Delinea VirusTotal Reputation Connector, click Install. Then Accept the End User License Agreement. You will see your Installation Progress.
Note: If the installation of VirusTotal initially fails, redirect to https://YourInstanceName/TMS/Setup/ and click the Repair button next to the VirusTotal Product.
-
Navigate to Thycotic Privilege Manager | Admin | Configuration | Reputation tab.
-
Select VirusTotal Rating Provider from the Select Rating Provider drop down menu.
-
Enter the VirusTotal API Key, click Update.
-
Enter information under Details and specify settings for Suspect and Bad classifications.
-
Click Save Changes.
VirusTotal can be used without API Key. If the free version is used, reputation checks are limited to 4 per Minute. Delinea does not recommend this for a production environment.
For the implementation example below, we are creating two filters, using one default filter, and creating a policy. One filter is the standard Security Rating Filter the other filter controls, that we only send applications to VirusTotal for a reputation check that are in the user's Downloads and Temp directories.
Further details about creating a Security Rating Filter and other needed filters to work with reputation checking policies refer to the Reputation Checking topic.