When various Wazuh servers generate requests to the VirusTotal services from the same IP addresses and with different API keys, the services reach the limit with a single request. It is presumed that the IP addresses were banned.
VirusTotal support answer
Hello,
Those IPs have not been banned, but our anti-abuse systems detected anomalous activity, thousands of requests checking files report and not uploading any hash.
Do you have more information about the integration? Can you share screenshots?
Which VirusTotal information is provided to the end customers?
Best regards,
Based on the VirusTotal customer support response about missing MD5 hashes, we performed the following tasks:
Inventory of environments with VirusTotal integration.
Review the integration.log to find any errors about MD5.
We didn't find MD5-based errors in /var/ossec/logs/integrations.log or /var/ossec/logs/ossec.log, but we found this, which could be related to this problem.
2023/04/10 02:19:53 wazuh-integratord: ERROR: While running virustotal -> integrations. Output: UnicodeDecodeError: 'utf-8' codec can't decode byte 0xf3 in position 1812: invalid continuation byte
In latin-1 encoding, the byte 0xf3 is the ´ character.
Information provided to VirusTotal
Do you have more information about the integration? Can you share screenshots?
Please find the VirusTotal integration here: https://github.com/wazuh/wazuh/blob/master/integrations/virustotal
Which VirusTotal information is provided to the end customers?
They only need to provide their API key. Please find more information here: https://documentation.wazuh.com/current/user-manual/capabilities/malware-detection/virus-total-integration.html
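An added example (not code from the Wazuh project or from this thread) that reproduces the class of error in the integrations log line quoted above and shows one way to read an alert file so that a stray latin-1 byte is reported instead of aborting processing. The alert content, the hash value and the field names (`syscheck.path`, `syscheck.md5_after`) are assumptions constructed for illustration.

```python
import json
import os
import tempfile

# Constructed sample alert (assumed field names). The path holds byte 0xf3,
# which is not valid UTF-8 when followed by an ASCII byte; the hash is the
# MD5 of empty input, used only as a placeholder.
SAMPLE_ALERT = (
    b'{"syscheck": {"path": "/home/user/informaci\xf3n.txt", '
    b'"md5_after": "d41d8cd98f00b204e9800998ecf8427e"}}'
)


def find_invalid_utf8(raw: bytes):
    """Return (offset, byte) of the first invalid UTF-8 sequence, or None."""
    try:
        raw.decode("utf-8")
    except UnicodeDecodeError as exc:
        return exc.start, raw[exc.start]
    return None


def load_alert(path: str):
    """Parse an alert file as JSON without aborting on non-UTF-8 bytes.

    Returns (alert, problem). problem is None for clean UTF-8 input, otherwise
    the (offset, byte) that a strict decode would have failed on, for logging.
    """
    with open(path, "rb") as fh:  # read bytes and decode explicitly below
        raw = fh.read()
    problem = find_invalid_utf8(raw)
    # errors="replace" substitutes U+FFFD for undecodable bytes, so the JSON
    # structure and ASCII-only fields such as hashes stay intact.
    return json.loads(raw.decode("utf-8", errors="replace")), problem


def demo():
    """Write the constructed alert to a temporary file and load it."""
    with tempfile.NamedTemporaryFile(delete=False, suffix=".alert") as tmp:
        tmp.write(SAMPLE_ALERT)
    try:
        return load_alert(tmp.name)
    finally:
        os.unlink(tmp.name)


if __name__ == "__main__":
    alert, problem = demo()
    print("first invalid byte (offset, value):", problem)
    print("md5 still readable:", alert["syscheck"]["md5_after"])
```
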