Minimum Threshold for Malicious Flags on VirusTotal
egrizzly
Member Posts: 533 ■■■■■□□□□□
Hi all,
What is the minimum number of IPs flagged as malicious on VirusTotal that your team has before a particular IOC is considered MALICIOUS. Can you share your reason?
Wanted shared insights because from working at different companies I have seen anywhere from 2 to 30 malicious flags before teams determine an IP (or domain, file hash, etc) is malicious. See an example from the URL below:
B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+
Tagged:
Comments
-
JDMurray
Admin Posts: 13,113 Admin
It's not the number of vendors flagging but instead which vendors are flagging. Pick the security vendors you trust the most (e.g., Trellix, Symantec, Malwarebytes, PhishLabs, etc.) and look for flags from only them.