duo-labs / isthislegit

Dashboard to collect, analyze, and respond to reported phishing emails.
BSD 3-Clause "New" or "Revised" License

Feature request: VirusTotal integration #42

Open paddycarver opened 5 years ago

paddycarver commented 5 years ago

It would be super amazing to match attachment files and URLs against the VirusTotal API, and surface that integration to the rule matcher. This would really upgrade our automation capabilities, allowing us to detect when a user has reported a known-malicious file and respond accordingly. I think this would look like another rule matcher, for "has malicious file", "has malicious URL", "does not have malicious file", "does not have malicious URL", and the API call when a report is created to upload the file and run the scan.
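One way the four matchers named in this request could be evaluated, as an added example that is neither isthislegit code nor part of the issue. `Report`, `verdict`, `evaluate`, the injected lookup callables and the detection threshold are hypothetical, and the scan results are canned (shaped like VirusTotal's `last_analysis_stats`) so the block runs offline; attachments are looked up by SHA-256 here rather than uploaded.

```python
import hashlib
from dataclasses import dataclass, field

MALICIOUS, CLEAN, UNKNOWN = "malicious", "clean", "unknown"

@dataclass
class Report:
    """Hypothetical stand-in for a reported email; not isthislegit's model."""
    attachments: list = field(default_factory=list)  # raw attachment bytes
    urls: list = field(default_factory=list)

def verdict(stats, threshold=3):
    """Map a last_analysis_stats-style dict to a verdict.

    stats is None when the scanner has never seen the item. The threshold
    (engines flagging it) is an assumed policy knob, not a VirusTotal default.
    """
    if stats is None:
        return UNKNOWN
    return MALICIOUS if stats.get("malicious", 0) >= threshold else CLEAN

def evaluate(report, file_lookup, url_lookup):
    """Evaluate the four requested matchers against one report.

    file_lookup(sha256_hex) and url_lookup(url) return a stats dict or None;
    in production they would wrap the VirusTotal API, here they are injected.
    """
    files = [verdict(file_lookup(hashlib.sha256(a).hexdigest()))
             for a in report.attachments]
    urls = [verdict(url_lookup(u)) for u in report.urls]
    return {
        "has malicious file": MALICIOUS in files,
        "has malicious URL": MALICIOUS in urls,
        # Unknown items must not satisfy the negative matchers: "never
        # scanned" is not evidence that an attachment or link is safe.
        "does not have malicious file": all(v == CLEAN for v in files),
        "does not have malicious URL": all(v == CLEAN for v in urls),
    }

# Constructed sample data: fake attachment bytes and canned scan results.
BAD, NEW = b"constructed-bad-attachment", b"constructed-never-seen"
FILE_DB = {hashlib.sha256(BAD).hexdigest(): {"malicious": 41, "harmless": 2}}
URL_DB = {"https://example.test/login": {"malicious": 0, "harmless": 70}}

if __name__ == "__main__":
    for r in (Report([BAD], ["https://example.test/login"]), Report([NEW])):
        print(evaluate(r, FILE_DB.get, URL_DB.get))
```

The second report carries an attachment the scanner has never seen, so neither file matcher fires for it; a rule that auto-closes reports on "does not have malicious file" would otherwise treat brand-new samples as safe.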