Get started with Threat Landscape

Introduction

Google Threat Intelligence (Google TI) empowers you to create a tailored Threat Landscape by defining custom Threat Profiles. These profiles filter Google TI's vast threat intelligence, ensuring you focus only on the threats most relevant to your organization. Monitor these threats over time within your Threat Landscape to seamlessly integrate actionable intelligence into your existing security workflows.

By following this brief guide, you'll learn how to set up personalized Threat Profiles, monitor the most relevant threats, and integrate actionable intelligence into your existing security processes, allowing you to uncover and mitigate digital risks from the start.

Brief Overview: How Threat Landscape and Profiles Work

Threat Profiles let you apply top-level filters for target Industries and target Regions to immediately provide a more focused view of relevant threats. You can create many profiles, keep them private to you, or make them viewable by others, and edit the criteria for them anytime.


Getting Started: Key Steps

  1. Create a Threat Profile:
    Work through the Create your Threat Profile workflow to start developing a threat profile. Threat Profiles help you understand which actors, malware, campaigns, and vulnerabilities should be of interest to you based on your organizational profile, your industry, and your region, so that you can operationalize that intelligence and home in on the things that are most important to your organization.

  2. Review Threat Landscape Features:
    Curated Threat Actors: Google Threat Intelligence provides in-depth, contextualized insights into threat actors, including their historical activity, along with relevant reports and news analysis for easy review.
    Community Threat Actors: Access community-created threat actor cards within Google Threat Intelligence, enriched with data from trusted sources like MISP, MITRE, and others.
    Malware: Explore highly contextualized details about malware families and their associated tools with Google Threat Intelligence.
    Campaigns: The Threat Campaign feature in Google Threat Intelligence empowers security professionals with visibility into active campaigns targeting their industries, regions, and peers.
    IoC Collections: IoC Collections in Google Threat Intelligence empower you to create and share live reports containing groups of indicators of compromise (IoCs). These reports, accessible to the Google Threat Intelligence Community, are enriched with Google's analysis and metadata, providing you with the latest information and insights on potential threats.
    TTP Analysis: With Google Threat Intelligence, you can explore threat actors and malware profiles mapped to the MITRE ATT&CK® framework. This allows you to analyze threats based on their observed TTPs, enabling you to prioritize risks, anticipate adversary behavior, and make informed decisions to protect your organization.

Additional Considerations

Explore everything Google knows about the global threat landscape regarding threat actors, campaigns, malware, and more:

  • Activate the threat profile AI/ML model recommendations to get tailored suggestions for Actors, Malware, and Campaigns based on your profile settings.

  • Familiarize yourself with Google Threat Intelligence's naming conventions, confidence ratings, and approach to suspected attribution to get valuable insights into threat actors' motivations and the overall threat landscape.

  • Utilize the Techniques and Key Events on the timeline to better understand the key events that are relevant to a campaign, as tagged by analysts – for example, host commands that were executed by a threat actor and the compilation time of malicious executables.

  • The Google Threat Intelligence Indicator score system is designed to help SecOps teams prioritize the most significant security threats. Threat scores are calculated for various entities, such as files, domains, IP addresses, and URLs.

  • Certain data within Google Threat Intelligence may have restrictions based on your geographical location; please contact your sales representative or account team for more information.

Should you have any additional questions, use our Google Cloud Community Forums or reach out to our support team.