From 1699dfc5cf721459db8b7b647f655776e75f5f15 Mon Sep 17 00:00:00 2001 From: Eric Conrad Date: Tue, 27 Jun 2023 14:37:10 -0400 Subject: [PATCH] Update README-DeepBlueHash.md --- READMEs/README-DeepBlueHash.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/READMEs/README-DeepBlueHash.md b/READMEs/README-DeepBlueHash.md index a8fe476..519421c 100644 --- a/READMEs/README-DeepBlueHash.md +++ b/READMEs/README-DeepBlueHash.md @@ -6,6 +6,13 @@ Parses the Sysmon event logs, grabbing the SHA256 hashes from process creation ( ## VirusTotal and Safelisting setup +**Note**: Virustotal has changed their free API, and now severelly limits the number of lookups you can do for free. It was one every 15 seconds, but is now: + + - Daily quota 1 lookups / day + - Monthly quota 31 lookups / month + +I reached to to them to see how much a paid API will cost for this purpose. I may retire this tool if the cost is prohibitive. + Setting up VirusTotal hash submissions and safelisting: The hash checker requires Post-VirusTotal:
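Review bot: The note added under "VirusTotal and Safelisting setup" has two typos and an undated "now": "severelly" should be "severely", and "I reached to to them" should read "I reached out to them". "Virustotal" should also match the "VirusTotal" casing used in the heading and in the setup text that follows. The quota figures (1 lookup / day, 31 lookups / month) are a snapshot, so consider stating the date they were observed so readers can tell when the note has gone stale. It would also help to say what a reader on the free tier should expect from the setup steps below at that quota, since the hash checker depends on Post-VirusTotal lookups.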