Scenario: Create VirusTotal Intelligence (VTI) Queries An analyst needs to hunt for high-volume files associated with a specific threat actor but wants to avoid manually constructing complex search modifiers.
The Workflow: The analyst asks the agent to generate a VTI query for files linked to FIN11 that have at least 5 detections and over 1,000 submissions. The agent constructs the precise syntax. The analyst then instructs the agent to run the query and list the most common file types, returning a statistical breakdown of the actor's file infrastructure.
