Special privileges required
Threat Actors and Campaigns are only available to users with the Google Threat Intelligence (Google TI) Enterprise or Enterprise Plus licenses.
This section lists the endpoints related to Google TI's Threat Intelligence objects whose type is given by the collection_type parameter and can be one of the followings:
collection: Collections of Indicators of Compromise are grouped together based on their observed usage in the wild in malicious campaigns or their association with specific malware families. This OSINT and also curated information is provided by our users and certain trusted partners and security researchers, automatically created based on Reports from the cybersecurity community or by our Google TI experts. UIthreat-actor: Threat Actors curated information exposed by our Google TI experts tracking them or by certain trusted partners and security researchers. UImalware-family: Curated information related to malware families. This information is provided by our Google TI experts and certain trusted partners and security researchers. UIsoftware-toolkit: Curated information related to malicious software or toolkits used in threat campaigns. This information is provided by our Google TI experts. UIcampaign: Curated information related to threat campaigns. This information is provided by our Google TI experts. UIreport: OSINT and curated threats related reports. They could be crowdsourced references created by the cybersecurity industry, curated reports created by certain trusted partners and security researchers or our Google TI experts. UIvulnerability: Curated information of vulnerabilities and exploitations coming from our Google TI experts analysis. UI
Note that Reports and Vulnerabilities endpoints are documented in a separate section.