Next steps

Now that you've created an alert action that supports adaptive response, you can:

  • Validate the add-on
  • Click the Validate and package icon on the confirmation page or from the Add-on Builder navigation bar. You can select which types of validation to perform, including AppInspect checks. You'll be prompted to provide your credentials for that.


  • Package the add-on
  • Also on the Validate & Package page, you can download the add-on package file as a tarball with the SPL file extension. Click Download Package.

  • Test your add-on with Splunk Enterprise Security (ES)
  • Install the add-on package on an instance of Splunk Enterprise with ES. (If ES is already installed on your instance of Splunk Enterprise, you don't need to install the add-on package—just restart Splunk Enterprise.) On the Splunk Web home page, click the Manage Apps Gears icon next to Apps, then click Set up under the actions for your new VirusTotal add-on. The setup page you created is displayed. Enter your API key, then click Save.

    [Setup page]

Learn more

For more information, see the following documentation: