Malicious file detection & response: Wazuh to VirusTotal with Slack alerts
Malicious File Detection & Threat Summary Automation using Wazuh + VirusTotal + n8n This workflow helps SOC teams automate the detection and reporting of potentially malicious files using Wazuh alerts, VirusTotal hash...
Template notes
Malicious File Detection & Threat Summary Automation using Wazuh + VirusTotal + n8n
This workflow helps SOC teams automate the detection and reporting of potentially malicious files using Wazuh alerts, VirusTotal hash validation, and integrated summary/report generation. It's ideal for analysts who want instant context and communication for file-based threats — without writing a single line of code.
---
What It Does
When Wazuh detects a suspicious file:
- Ingests Wazuh Alert A webhook node captures incoming alerts containing file hashes (SHA256/MD5).
- Parses IOCs Extracts relevant indicators (file hash, filename, etc.).
- Validates with VirusTotal Automatically checks the file hash reputation using VirusTotal's threat intelligence API.