VirusTotal token configurationThis document explains step-by-step how to configure the API token required for the VirusTotal App to work properly in Splunk. The token is provided by VirusTotal and is needed to perform API lookups and enrich data directly from Splunk.1. PrerequisitesBefore you start, make sure you have:✔ A VirusTotal accountYou can create it on the official VirusTotal website.✔ An API token (VirusTotal API Key)You will find it in your user profile:VirusTotal → User Profile → API Key✔ Splunk Enterprise / Splunk Cloud accessWith permissions to install apps and access their configuration pages.2. Accessing to the Set up page of VirusTotal AppLog in to your Splunk instance.Navigate to the set up page: Apps → Manage Apps → VirusTotal App and click on «Set up» option3. Configuring the VirusTotal TokenThe VirusTotal App includes a dedicated menu for configuring the API token.Go to the API Key tab: Paste your VirusTotal API token here.Click Save API Key.Once saved, the app is ready to perform VirusTotal lookups.