
Google SecOps IOC Exporter Action
Overview
The Google SecOps IOC Exporter Action for ThreatQ enables the automatic dissemination of IOCs from a ThreatQ data collection to Google SecOps. The IOCs are exported as entities in the UDM format, a universal JSON format that is compatible with the SecOps API. These entities can then be used within the SecOps rules editor (YARA-L) to create rules that trigger alerts.
The integration provides the following action:
- Google SecOps IOC Exporter - enables the automatic dissemination of IOCs from a ThreatQ data collection to Google SecOps.
The action is compatible with the following indicator types:
- Email Address
- FQDN
- IP Address
- IPv6 Address
- MD5
- SHA-1
- SHA-256
- URL
Note: This action is intended for use with ThreatQ TDR Orchestrator (TQO). An active TQO license is required for this feature.
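The following is an added example, not the action's own code, showing how the indicator types listed above could be expressed as UDM entities. The type-to-field mapping, the validation rules and the vendor/product labels are assumptions for illustration; the action's actual mapping is not documented on this page.

```python
import ipaddress
import re
from datetime import datetime, timezone

# Assumed mapping: ThreatQ indicator type -> (UDM entity_type, path under "entity").
# This illustrates the UDM entity shape; it is not the action's published mapping.
UDM_MAP = {
    "Email Address": ("USER", ("user", "email_addresses")),
    "FQDN": ("DOMAIN_NAME", ("hostname",)),
    "IP Address": ("IP_ADDRESS", ("ip",)),
    "IPv6 Address": ("IP_ADDRESS", ("ip",)),
    "MD5": ("FILE", ("file", "md5")),
    "SHA-1": ("FILE", ("file", "sha1")),
    "SHA-256": ("FILE", ("file", "sha256")),
    "URL": ("URL", ("url",)),
}
HASH_LEN = {"MD5": 32, "SHA-1": 40, "SHA-256": 64}
REPEATED = {"ip", "email_addresses"}  # UDM fields that hold a list of strings


def validate(ioc_type, value):
    """Reject values that do not fit the declared indicator type."""
    if ioc_type in HASH_LEN:
        return re.fullmatch(r"[0-9a-fA-F]{%d}" % HASH_LEN[ioc_type], value) is not None
    if ioc_type in ("IP Address", "IPv6 Address"):
        try:
            version = ipaddress.ip_address(value).version
        except ValueError:
            return False
        return version == (4 if ioc_type == "IP Address" else 6)
    return bool(value.strip())


def to_udm_entity(ioc_type, value, collected=None):
    """Build one UDM entity dict, or raise ValueError for unsupported or malformed input."""
    if ioc_type not in UDM_MAP:
        raise ValueError(f"unsupported indicator type: {ioc_type}")
    if not validate(ioc_type, value):
        raise ValueError(f"value does not match type {ioc_type}: {value!r}")
    entity_type, path = UDM_MAP[ioc_type]
    leaf = [value] if path[-1] in REPEATED else value
    for key in reversed(path):
        leaf = {key: leaf}
    ts = (collected or datetime.now(timezone.utc)).strftime("%Y-%m-%dT%H:%M:%SZ")
    return {
        "metadata": {"vendor_name": "ThreatQ", "product_name": "ThreatQ",  # constructed labels
                     "entity_type": entity_type, "collected_timestamp": ts},
        "entity": leaf,
    }
```

Validating before export keeps mislabeled values, such as an IPv4 address tagged as IPv6 or a truncated hash, from becoming entities that YARA-L rules would never match.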