Overview

• Nodes
• Search and commonalities
• Graphs Management

Google Threat Intelligence Graph is a visualization tool built on top of Google Threat Intelligence data set. It understands the relationship between files, URLs, domains, IP addresses and other items encountered in an ongoing investigation. With it, you can pivot intelligently over any of the malware artifacts in your graph and synthesize your findings into a threat map that you can share with your colleagues.

Relationships oriented

Google Threat Intelligence's backend generates rich relationships: URLs from which a file has been downloaded, whether a given file been seen contained in some other files, what are the parents of a given Portable Executable, domain to IP address mappings over time, etc. Explore all these 30+ inter-item links in a graph, with nodes and arcs that allow you to discover new infrastructure and artifacts leveraged by the subjects of your investigation.

Create, collaborate, share

Work in the same investigation with your peers, save your investigation graphs and publish your findings either publicly or with your organization.

Find patterns

Common patterns and commonalities are very interesting and, in a way, a critical piece in the investigation, this is why we have decided to calculate them on-demand for you. Just select a group of nodes in the graph and click on “Find commonalities” to see a list of common attributes in the selection.

Seamless integration with VTI search and hunting

Expand a node using a VTI search query or download the selected nodes in the graph. Google Threat Intelligence Graph works along with their sibling VT tools.

Threat cards

Hover over any of the nodes in your graph and see a summary of the item with the most representative data in Google Threat Intelligence database. Click in the node to see the available expansions, the submission graph, the AV verdicts (for files and urls) and the community comments.

Custom nodes

Google Threat Intelligence dataset might not know a link between two entities as it might only happen in your environment. VT Graph allow you to manually add this links and furthermore, to add a new node to the graph even when VT doesn’t know about it. Our supported custom types are file, url, domain, IP address, actor, department, email and victim.