Forum Discussion
Victor5011
Feb 12, 2020 Copper Contributor
VirusTotal Detection
Hello, I was wondering if there is any chance of alerting when there is detection of malware in VirusTotal but not ATP. Multiple times there has been malware executing with no detection in ATP b...
AxelHellstrom
Feb 26, 2020 Copper Contributor
Victor5011 I don't think it's possible to detect it through an advanced hunting query. I've felt the same; VirusTotal does detect but MS doesn't.
You could probably use the MS Defender ATP API, or an advanced hunting query, to fetch the SHA1, and then query it manually or through the VirusTotal API. However, it's a complex situation to get real alerts to act on, of course.
I'm not that good at APIs and so on, so that's out of my scope. I suppose that this would work with some scripting/API knowledge, but here are some links:
https://support.virustotal.com/hc/en-us/articles/115002100149-API
https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/apis-intro
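The workflow suggested in the reply above, as an added example that is not part of the original thread or either vendor's code: take SHA1 values from advanced hunting results, look each one up in the VirusTotal API v3 file report, and keep the hashes VirusTotal flags but Defender has not alerted on. The row fields, the `alerted_sha1s` set, and the `min_engines` threshold are assumptions for illustration.

```python
import json
import urllib.error
import urllib.request

VT_FILE_URL = "https://www.virustotal.com/api/v3/files/{}"  # VirusTotal API v3 file report


def vt_stats(sha1, api_key):
    """Return last_analysis_stats for a hash, or None if VirusTotal has no report."""
    req = urllib.request.Request(VT_FILE_URL.format(sha1), headers={"x-apikey": api_key})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)["data"]["attributes"]["last_analysis_stats"]
    except urllib.error.HTTPError as err:
        if err.code == 404:  # hash was never submitted to VirusTotal
            return None
        raise  # 401/429 and others: surface auth and quota problems


def find_gaps(rows, alerted_sha1s, lookup, min_engines=5):
    """Yield hunting rows whose SHA1 is flagged on VirusTotal but has no Defender alert.

    rows          -- dicts exported from an advanced hunting query (assumed to carry "SHA1")
    alerted_sha1s -- lowercase SHA1s Defender already alerted on (assumed input)
    lookup        -- callable sha1 -> stats dict or None, e.g. a wrapper around vt_stats
    min_engines   -- assumed threshold; single-engine hits are often false positives
    """
    seen = set()
    for row in rows:
        sha1 = (row.get("SHA1") or "").lower()
        if not sha1 or sha1 in seen or sha1 in alerted_sha1s:
            continue  # skip empty, duplicate, or already-alerted hashes (saves API quota)
        seen.add(sha1)
        stats = lookup(sha1)
        if stats and stats.get("malicious", 0) >= min_engines:
            yield {**row, "vt_malicious": stats["malicious"]}


if __name__ == "__main__":
    # Constructed sample rows and a constructed offline lookup; no network access needed.
    sample = [{"DeviceName": "host-a", "FileName": "x.exe", "SHA1": "a" * 40},
              {"DeviceName": "host-b", "FileName": "y.exe", "SHA1": "b" * 40}]
    canned = {"a" * 40: {"malicious": 30, "undetected": 40}}
    for gap in find_gaps(sample, set(), canned.get):
        print(gap)
```

For live use, pass `lambda h: vt_stats(h, api_key)` as `lookup` and pace the calls to stay within the VirusTotal key's request quota.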