Solution: Google Threat Intelligence
| Attribute | Value |
|---|---|
| Publisher | |
| Support Tier | Partner |
| Support Link | https://www.virustotal.com/gui/contact-us |
| Categories | Security - Threat Intelligence |
| Version | 3.2.3 |
| Author | |
| First Published | 2024-10-26 |
| Last Updated | 2024-10-26 |
| Solution Folder | Google Threat Intelligence |
| Marketplace | Azure Marketplace · Popularity: 🟢 High (82%) |
This Google Threat Intelligence Solution contains Playbooks that can help enrich incident information with threat information and intelligence for IPs, file hashes and URLs from Google Threat Intelligence. Enriched information can help drive focused investigations in Security Operations.
Important — Custom Connector prerequisite: The Playbooks in this solution depend on the Google Threat Intelligence custom Logic Apps connector, which is not deployed automatically when you install the solution from Content Hub. Before running any of the Playbooks, you must manually deploy the custom connector into the same resource group and region as the Playbooks, using the Deploy to Azure button in the connector's readme. Without it, the Playbooks will fail to authenticate to the Google Threat Intelligence API.
This solution does not include data connectors.
This solution may contain other components such as analytics rules, workbooks, hunting queries, or playbooks.

The following table is used internally by this solution's content items:

| Table | Used By Content |
|---|---|
| ThreatIntelIndicators | Analytics, Hunting |

This solution includes 16 content items:

| Content Type | Count |
|---|---|
| Playbooks | 8 |
| Analytic Rules | 4 |
| Hunting Queries | 4 |

Analytic Rules:

| Name | Severity | Tactics | Tables Used |
|---|---|---|---|
| Google Threat Intelligence - Threat Hunting Domain | Medium | CommandAndControl | Internal use:ThreatIntelIndicators |
| Google Threat Intelligence - Threat Hunting Hash | Medium | Execution | Internal use:ThreatIntelIndicators |
| Google Threat Intelligence - Threat Hunting IP | Medium | CommandAndControl | Internal use:ThreatIntelIndicators |
| Google Threat Intelligence - Threat Hunting Url | Medium | InitialAccess | Internal use:ThreatIntelIndicators |

Hunting Queries:

| Name | Tactics | Tables Used |
|---|---|---|
| Google Threat Intelligence - Threat Hunting Domain | - | Internal use:ThreatIntelIndicators |
| Google Threat Intelligence - Threat Hunting Hash | - | Internal use:ThreatIntelIndicators |
| Google Threat Intelligence - Threat Hunting IP | - | Internal use:ThreatIntelIndicators |
| Google Threat Intelligence - Threat Hunting Url | - | Internal use:ThreatIntelIndicators |

Playbooks:

| Name | Description | Tables Used |
|---|---|---|
| Google Threat Intelligence - Domain Enrichment | This playbook will enrich Domain entities. | - |
| Google Threat Intelligence - FileHash Enrichment | This playbook will enrich FileHash entities. | - |
| Google Threat Intelligence - IOC Enrichment | This playbook will enrich IP, Hash, URL & Domain entities found in alerts. | - |
| Google Threat Intelligence - IOC Enrichment | This playbook will enrich IP, Hash, URL & Domain entities found in incidents. | - |
| Google Threat Intelligence - IP Enrichment | This playbook will enrich IP entities. | - |
| Google Threat Intelligence - IoC Stream | This playbook will ingest Google Threat Intelligence from your IoC Streams into Threat Intelligence ... | - |
| Google Threat Intelligence - Threat List | This playbook will ingest Google Threat Intelligence into Threat Intelligence Sentinel. | - |
| Google Threat Intelligence - URL Enrichment | This playbook will enrich URL entities. | - |
📄 Source: Google Threat Intelligence/README.md
| Version | Date Modified (DD-MM-YYYY) | Change History |
|---|---|---|
| 3.2.3 | 27-05-2026 | Added Custom Connector manual prerequisite for Playbooks. |
| 3.2.2 | 02-12-2025 | - Included new Analytics Rules and Hunting Queries to improve detection capabilities and support proactive investigation. - Filtering threat lists - Migrating to Upload STIX Objects |
| 3.2.1 | 25-08-2025 | Fix IoC Stream ingestion bug for results with more than 40 items due to a cursor iteration error. |
| 3.2.0 | 20-05-2025 | New Playbook added IoC Stream Threat Intelligence. Added x-tool header in Playbook Customer Connector. |
| 3.1.0 | 29-01-2025 | New Threat Intelligence Ingestion Playbook added. |
| 3.0.0 | 05-12-2024 | Initial Solution Release. |