How to get Google Threat Intelligence API keys
VirusTotal
Attack Surface Management API
Digital Threat Monitoring API
Threat Intelligence API
Legacy Mandiant Threat Intelligence
VirusTotal
In order to get one you just have to register in VirusTotal Community (top right hand side of VirusTotal). Once registered, sign in into your account and you will find your public API in the corresponding menu item under your user name.
Or visit https://www.virustotal.com/gui/my-apikey
In this page you can find your apikey string:
Attack Surface Management API
ASM API keys can be generated in the platform by any user under their account settings.
Digital Threat Monitoring API
The Digital Threat Monitoring (DTM) API provides programatic access to Mandiant's DTM capabilities.
SERVICE API KEY
To obtain a Service API Key (which is tied to an organization rather than an individual user) for use with third-party security technologies such as a SIEM, contact Support.
To obtain an API Key ID and Secret for an individual user account, perform the following:
- Navigate to the Mandiant Threat Intelligence web console.
- Click Settings.
- Scroll to API Access and Keys or select it from the navigation menu.
- Click Get Key ID and Secret.
- Copy and store the displayed values in a secure location.
Authentication
The DTM API supports two forms of authentication:
- Bearer-based authentication using a valid JWT.
- Basic authentication using an API access Key ID and Secret.
Bearer Authentication
The first thing that you need to interact with the REST API is a valid Bearer token (JWT) that includes the DTM grant within the token.
You can use the /token endpoint to get the Bearer token.
Basic Authentication
Basic authentication requires obtaining and using an API Key ID and Secret.
When performing basic authentication with these values, the ID should be used as the username and the Secret as the password.
Threat Intelligence API
As a Mandiant Advantage customer or technology partner, the Threat Intelligence API is your gateway to the most contextually rich threat intelligence data available on the market today.
The Threat Intelligence API keys are the same as the Digital Threat Monitoring API.
Google Threat Intelligence
Legacy Mandiant Threat Intelligence
For customers who wish to use the legacy Mandiant Threat Intelligence integrations with their Google Threat Intelligence License key, they can use the following steps. The legacy integrations use Mandiant Threat Intelligence basic auth, which expects and api_key and api_secret, which must be updated to use the Google Threat Intelligence license key.
To do this you will need to use gti-user as the api_key and their Google Threat Intelligence license key as their api_secret.
Updated 3 days ago