Google Threat Intelligence - Provisioning guide

This page is designed to guide new Google Threat Intelligence customers through the Provisioning process.

Provisioning Form

During each purchase or renewal process for a Google Threat Intelligence license, an admin email address is provided to the Google Threat Intelligence Provisioning team. After the contract has been signed, this person will receive an email with a link to a form where they will need to confirm the provisioning information in order for us to provision the correct account.

Specifically:

  • Google TI Product - Google Threat Intelligence package that has been purchase.
  • Add-ons - Available add-ons such as File Feeds.
  • Additional daily API quota - Additional API calls packages on top of the licensed Google Threat Intelligence package.
  • Contract Start Date - Start date of the contract.
  • Contract End Date - End date of the contract.
  • GTI group admin email - This person is the recepient of the email and will be the admin of the Google Threat Intelligence group.
  • Account Manager / Solution Architect Email - Point of contact at Google in case there is any issue during this Google Threat Intellince provisioning process.
  • Industry - Company's industry.
  • Headquarters Country - Country where the center of operations or administration is.
  • Contact emails - Provide points of contact at the customer side in case there is any issue with the account / contract.

IMPORTANT for VirusTotal and/or Mandiant Advantage customers

If you are an existing VirusTotal or Mandiant Advantage customer, you will need to provide the following information in order for us to migrate your existing configurations (VirusTotal Livehunts, Mandiant DTM monitors, Mandiant ASM projects, etc.) from your legacy accounts over to your new Google Threat Intelligence license.

  • VirusTotal customer - You will need to provide your VirusTotal Group Token:

    • If the person that receives the provisioning email is already part of the VirusTotal group, we will ask them to login in their VirusTotal account, nothing else need to be made.
    • If the person that receives the provisioning email is not part of the existing VirusTotal group, ask someone there to provide the VirusTotal Group Token. A member of the VirusTotal group will be able to look at this information under their group view (https://www.virustotal.com/gui/group/{group_id}/):

    VirusTotal Group Token

🚧

Important note!

Users that are currently in a VirusTotal group won't be able to be added to the new Google Threat Intelligence group as one user can not exist in two different groups at the same time, so please, if your company is already an existing VirusTotal customer, make sure someone on that VirusTotal group provide you with the Group Token and make sure you provide it in this form.

  • Mandiant customer - You will need to provide your Mandiant organization UUID:

    • If the person that receives the provisioning email is already part of the Mandiant organization, they will see a list with all organizations that they belong to. They will need to choose one if they want their existing configurations to be migrated or choose create a new one. If your Mandiant organization is not part of the list, select other and provide the Mandiant organization UUID. A member of the organization will be able to look at this information by logging into their account and checking this URL: https://advantage.mandiant.com/accountmanagement#organizations
    • If the person that receives the provisioning email is not part of the existing Mandiant organization, ask someone there to provide the Mandiant organization UUID. A member of the organization will be able to look at this information by logging into their account and checking this URL: https://advantage.mandiant.com/accountmanagement#organizations

    Mandiant organization UUID