Google Threat Intelligence Solution (public preview)

Solution: Google Threat Intelligence


| Attribute | Value |
| --- | --- |
| Publisher | Google |
| Support Tier | Partner |
| Support Link | https://www.virustotal.com/gui/contact-us |
| Categories | domains |
| Version | 3.2.2 |
| Author | Google |
| First Published | 2024-10-26 |
| Last Updated | 2024-10-26 |
| Solution Folder | Google Threat Intelligence |
| Marketplace | Azure Marketplace · Popularity: 🔵 Medium (73%) |

This Google Threat Intelligence Solution contains Playbooks that can help enrich incident information with threat information and intelligence for IPs, file hashes and URLs from Google Threat Intelligence. Enriched information can help drive focused investigations in Security Operations.

Contents

Data Connectors

This solution does not include data connectors.

This solution may contain other components such as analytics rules, workbooks, hunting queries, or playbooks.

Internal Tables

The following table is used internally by this solution's content items:

| Table | Used By Content |
| --- | --- |
| ThreatIntelIndicators | Analytics, Hunting |

Content Items

This solution includes 16 content items:

| Content Type | Count |
| --- | --- |
| Playbooks | 8 |
| Analytic Rules | 4 |
| Hunting Queries | 4 |

Analytic Rules

| Name | Severity | Tactics | Tables Used |
| --- | --- | --- | --- |
| Google Threat Intelligence - Threat Hunting Domain | Medium | CommandAndControl | Internal use: ThreatIntelIndicators |
| Google Threat Intelligence - Threat Hunting Hash | Medium | Execution | Internal use: ThreatIntelIndicators |
| Google Threat Intelligence - Threat Hunting IP | Medium | CommandAndControl | Internal use: ThreatIntelIndicators |
| Google Threat Intelligence - Threat Hunting Url | Medium | InitialAccess | Internal use: ThreatIntelIndicators |

Hunting Queries

| Name | Tactics | Tables Used |
| --- | --- | --- |
| Google Threat Intelligence - Threat Hunting Domain | - | Internal use: ThreatIntelIndicators |
| Google Threat Intelligence - Threat Hunting Hash | - | Internal use: ThreatIntelIndicators |
| Google Threat Intelligence - Threat Hunting IP | - | Internal use: ThreatIntelIndicators |
| Google Threat Intelligence - Threat Hunting Url | - | Internal use: ThreatIntelIndicators |

Playbooks

| Name | Description | Tables Used |
| --- | --- | --- |
| Google Threat Intelligence - Domain Enrichment | This playbook will enrich Domain entities. | - |
| Google Threat Intelligence - FileHash Enrichment | This playbook will enrich FileHash entities. | - |
| Google Threat Intelligence - IOC Enrichment | This playbook will enrich IP, Hash, URL & Domain entities found in alerts. | - |
| Google Threat Intelligence - IOC Enrichment | This playbook will enrich IP, Hash, URL & Domain entities found in incidents. | - |
| Google Threat Intelligence - IP Enrichment | This playbook will enrich IP entities. | - |
| Google Threat Intelligence - IoC Stream | This playbook will ingest Google Threat Intelligence from your IoC Streams into Threat Intelligence ... | - |
| Google Threat Intelligence - Threat List | This playbook will ingest Google Threat Intelligence into Threat Intelligence Sentinel. | - |
| Google Threat Intelligence - URL Enrichment | This playbook will enrich URL entities. | - |

Additional Documentation

📄 Source: Google Threat Intelligence/README.md

Google Threat Intelligence

Release Notes

| Version | Date Modified (DD-MM-YYYY) | Change History |
| --- | --- | --- |
| 3.2.2 | 02-12-2025 | Included new Analytics Rules and Hunting Queries to improve detection capabilities and support proactive investigation. Filtering threat lists. Migrating to Upload STIX Objects. |
| 3.2.1 | 25-08-2025 | Fix IoC Stream ingestion bug for results with more than 40 items due to a cursor iteration error. |
| 3.2.0 | 20-05-2025 | New Playbook added IoC Stream Threat Intelligence. Added x-tool header in Playbook Customer Connector. |
| 3.1.0 | 29-01-2025 | New Threat Intelligence Ingestion Playbook added. |
| 3.0.0 | 05-12-2024 | Initial Solution Release. |