Mandiant is now part of Google Cloud.

Threat Intelligence

Put planetary-scale threat intelligence to work

Uncover more indicators of compromise, detect more threats, and integrate unparalleled threat intelligence from Mandiant and Google into your security operations workflows.

4B Chrome browsers with safe browsing

2.5B Gmail inboxes protected from phishing

6B files and URLs analyzed by VirusTotal

Mandiant Integration

Get Mandiant insights from the frontlines

Ingrain Mandiant’s unique threat intelligence, including enrichment of threat indicators, confidence ratings, and malware details, across the entire detection and response lifecycle.

Focus your investigation efforts

Apply threat intelligence from real-life breach investigations to better validate, investigate, and respond to the threats that matter.

Understand the level of risk

An embedded malicious-confidence rating provides additional context on associated hashes and malware associations.

Take smart action

Fully understand the type of malware detected and its impact on your environment before taking action.

Native Integration

Powerful Google Cloud Threat Intelligence (GCTI)

Drive better detections with high quality, actionable, out-of-the-box threat detection content curated, built, and maintained by Google Cloud Threat Intelligence researchers.

Detection coverage across various vectors of attack

Native detection sets cover a variety of threats across vectors, including Windows-based attacks like ransomware, remote-access tools (RATs), infostealers, data exfiltration, and suspicious activity.

Ongoing curation of detections built to detect the latest threats

Unlock new detection coverage with new analytics regularly built by Google Cloud Threat Intelligence researchers uncovering new and latent attacks.

Powerful detection authoring platform to use new analytics

Use GCTI detections to build response actions and write rules customized to your environment.

VirusTotal Integration

Contextual VirusTotal integration

Conduct more effective investigations with insights at your fingertips from VirusTotal Enterprise, the world’s largest threat observatory.

Accelerate context-driven investigation and threat hunting

Save time and make better decisions with automated alert enrichment and instant insight into malicious files and URLs.

Seamless VirusTotal widget integration

Leverage the VirusTotal Augment widget to drive efficiencies in SOC processes and enable faster search for artifacts like domains, IPs, URLs, or hashes.

Map out attacker infrastructure, toolkits and modus operandi

Gain context beyond your network perimeter, expand your telemetry, and explore related VirusTotal IoCs graphically.

Integration

Open threat-intelligence platform

Integrate your own threat intelligence feeds with Chronicle’s context-aware detections for increased alert fidelity and richer investigations.

API-driven open platform

Leverage the API to programmatically access security data in Chronicle. Customize threat intelligence consumption to suit your environment.

Understand MITRE ATT&CK coverage

Map detection coverage to the MITRE ATT&CK framework to better understand adversary tactics and techniques and uncover potential gaps in defenses.

Integrate third-party intelligence sources

Ingest third-party intelligence feeds and drive additional coverage of attacks. Correlate easily and effectively with Chronicle-driven context.

Related resources
SECURITY ANALYST DIARIES
Security Analyst Diaries: Episode 3

New Ingestion Metrics, New YARA-L Functions, and New VirusTotal Widget Integrations

REPORTS
Cloud Threat Intelligence: Threat Horizons Report

Get actionable threat intelligence to ensure your cloud environments are best protected against ever-evolving threats.

BLOG
Fastest Two Minutes in SecOps: Threat hunting [Part 1] [Video]

In this episode of “Fastest Two Minutes in SecOps,” Google Cloud Principal Security Strategist John Stoner introduces you to the benefits of hunting, and also offers words of caution for teams who may rush into the practice before other competencies of their detection and response are sufficiently built out.
