VirusTotal-PowerBI-Lookup
A Power BI Report that accepts your VT API Key and a resource (ex: hash) to query. Queries VT using the VT API, parses the nested JSON response, and populates the report.
Background
This Power BI Template is based on the following blog article:
http://securitysynapse.blogspot.com/2020/10/virustotal-lookups-in-microsoft-power.html
Prerequisites
- VirusTotal API key (can be the free account key as well, so go create that account if you don't have one!)
- Microsoft Power BI Desktop
- Microsoft Power BI Service (Online) to share report and schedule updates
How to use
- Download the Power BI template (.pbit)
- Open the template
- Enter your VT API Key and the hash you want to query
- Wait for data to load
- Ensure reports are populated and working properly
- To update the hash: Home > Transform Data > Edit parameters
Possible limitations and opportunities to help!!
- Unable to modify hash parameter from report / dashboard to refresh data feed with new data natively from Power BI
- Drill through lookup using hash from previous report may be limited due to parameter update issue
- Potential for AV column rename to fail due to hard coded AV vendor names in power query
- Error handling could be improved for instances where VirusTotal does not have the data Ex: "response_code": 0 vs. "response_code": 1
Screenshots
