Documentation

Community Reference

Google Threat Inteligence, is a collaborative platform fueled by the contributions of its vast community. One of the ways this collaborative spirit manifests is through the "Community Reference" feature. This feature enables a crowdsourced approach to collecting and organizing security intelligence from across the vast expanse of the internet, transforming it into actionable, public collections.

How It Works

  1. Crowdsourced collection: At its core, Community References is powered by the collective efforts of the cybersecurity community. Security companies, researchers, analysts, and enthusiasts from around the globe contribute by submitting blog posts, articles, and other online resources that discuss malware, vulnerabilities, threat actors, and other security-related topics.

  2. Curation and Enrichment: Once a URL is submitted, Google TI's systems analyze the content, extracting key pieces of information such as Indicators of Compromise (IOCs), including file hashes, domains, IP addresses, and more. This extracted data is then used to create structured, searchable records called Collections. The community references can be browsed at Reports & Analysis > Community References, each reference has a summary of its content, metadata of the reference, a link to the original post and to the related collection.

    community references


  3. IOC Collections: These enriched records are organized into public collections, the collection name will be extracted from the title of the reference. These collections serve as valuable repositories of security intelligence, providing context and insights into the latest threats and attack techniques. Collections can be browsed at Threat Landscape > IOC Collections, for more information on IOC collections you can read the documentation.

    ioc collection

Conclusion

Community References is a powerful tool that harnesses the collective intelligence of the cybersecurity community to improve threat detection, response, and overall security posture. By transforming scattered security blogs and articles into structured, searchable collections, Google TI is making security intelligence more accessible and actionable for everyone.

As the threat landscape continues to evolve, Community References will remain an invaluable resource for staying ahead of the curve.

Updated about 2 months ago