Threat Intelligence
Put planetary-scale threat intelligence to work
Uncover more indicators of compromise, detect more threats, and integrate unparalleled threat intelligence from Mandiant and Google into your security operations workflows.
4B Chrome browsers with safe browsing
2.5B Gmail inboxes protected from phishing
6B files and URLs analyzed by VirusTotal
Explore Threat Intelligence
Mandiant Integration
Get Mandiant insights from the frontlines
Ingrain Mandiant’s unique threat intelligence, including enrichment of threat indicators, confidence ratings, and malware details, across the entire detection and response lifecycle.
Apply threat intelligence from real-life breach investigations to better validate, investigate, and respond to the threats that matter.
An embedded malicious confidence rating provides additional context on associated hashes and malware.
Fully understand the type of malware detected and its impact on your environment before taking action.
Native Integration
Powerful Google Cloud Threat Intelligence (GCTI)
Drive better detections with high-quality, actionable, out-of-the-box threat detection content curated, built, and maintained by Google Cloud Threat Intelligence researchers.
Native detection sets cover a variety of threats across vectors, including Windows-based attacks like ransomware, remote-access tools (RATs), infostealers, data exfiltration, and suspicious activity.
Unlock new detection coverage with new analytics, regularly built by Google Cloud Threat Intelligence researchers, that uncover new and latent attacks.
Use GCTI detections to build response actions and write rules customized to your environment.
VirusTotal Integration
Contextual VirusTotal integration
Conduct more effective investigations with insights at your fingertips from VirusTotal Enterprise, the world’s largest threat observatory.
Save time and make better decisions with automated alert enrichment and instant insight into malicious files and URLs.
Leverage the VirusTotal Augment widget to drive efficiencies in SOC processes and enable faster searches for artifacts like domains, IPs, URLs, or hashes.
Gain context beyond your network perimeter, expand your telemetry, and explore related VirusTotal IoCs graphically.
Integration
Open threat-intelligence platform
Integrate your own threat intelligence feeds with Chronicle’s context-aware detections for increased alert fidelity and richer investigations.
Leverage the API to programmatically access security data in Chronicle. Customize threat intelligence consumption to your environment.
Map detection coverage to the MITRE ATT&CK framework to better understand adversary tactics and techniques and uncover potential gaps in defenses.
Ingest third-party intelligence feeds to drive additional coverage of attacks. Correlate easily and effectively with Chronicle-driven context.
New Ingestion Metrics, New YARA-L Functions, and New VirusTotal Widget Integrations
Get actionable threat intelligence to ensure your cloud environments are best protected against ever-evolving threats.
In this episode of “Fastest Two Minutes in SecOps,” Google Cloud Principal Security Strategist John Stoner introduces you to the benefits of hunting, and also offers words of caution for teams who may rush into the practice before other competencies of their detection and response are sufficiently built out.
Want world-class threat intelligence?
Learn more about Threat Intelligence.