Get started with Threat Graph
Google Threat Intelligence Graph is a visualization tool built on top of Google Threat Intelligence data set. It understands the relationship between files, URLs, domains, IP addresses and other items encountered in an ongoing investigation. With it, you can pivot intelligently over any of the malware artifacts in your graph and synthesize your findings into a threat map that you can share with your colleagues.
Google Threat Intelligence Graph Overview
Google Threat Intelligence Graph search and start new investigation
Google Threat Intelligence Graph management
Google Threat Intelligence Graph nodes
Google Threat Intelligence Graph Commonalities and Hunting
Quick access to relevant graphs to you
Toolbar
Google Threat Intelligence Graph API
Getting Started: Key Steps
- Understanding Nodes and Relationships
The Google Threat Intelligence backend maps over 30 types of relationships between files, URLs, domains, and more. Explore this network in an interactive graph, following the links between nodes and arcs to discover new infrastructure and artifacts used by your adversaries - How to Search and Start a New Graph Investigation
- Search For Threat Graphs: Using the search functionality, you can search for other graphs that have been published publicly by the security community, or search for ones published by your team. You are also able to search for files or hashes to see Threat Graphs for those entities.
- You can start a new graph from the Graph tab, clicking on the New graph button, or from a file report clicking on More > Explore in Threat Graph
- Find Commonalities and Start Hunting in Your Threat Graphs
Commonalities and Hunting: Accelerate your investigations with Google Threat Intelligence Commonalities feature. By identifying common patterns within your selected nodes or relationships, you'll gain critical insights into the tactics, techniques, and procedures (TTPs) of your adversaries.
Quick access to relevant graphs to you
This overview page shows different list of graphs:
- Your graphs: It includes your saved graphs and those graphs where you are editor or viewer
- All graphs: It includes the public graphs
- My group graphs: It includes the graphs from my group
Toolbar
For any of the list of graphs you are able to
: Sort by different criteria
/ : Switch between list and grid views
Google Threat Intelligence Graph API
As most of our other products, Google Threat Intelligence Graph is getting a restful API. The documentation can be found here and a Python library to reduce the learning curve; it is available in our Github repository.
Updated 23 days ago