The Google Threat Intelligence Reports CDF integration enables the ingestion of curated threat intelligence reports from the Google Threat Intelligence (GTI) API into ThreatQ, replacing the legacy Mandiant Intelligence Reports workflow. This integration provides a modernized and scalable approach to collecting and operationalizing intelligence by leveraging Google’s GTI platform.

The integration provides the following feeds:

• Google Threat Intelligence Reports - ingests GTI report collections and leverages supplemental feeds to retrieve related entities and indicators.
  • Google Threat Intelligence Report Details (Supplemental)
  • Google Threat Intelligence Report Related Adversaries (Supplemental)
  • Google Threat Intelligence Report Related Campaigns (Supplemental)
  • Google Threat Intelligence Report Related Attack Patterns (Supplemental)
  • Google Threat Intelligence Report Related Malware (Supplemental)
  • Google Threat Intelligence Report Related Vulnerabilities (Supplemental)
  • Google Threat Intelligence Report Related Indicators (Supplemental)

The integration ingests the following object types:

• Adversaries
• Attack Patterns
• Campaigns
• Indicators
• Malware
• Reports
• Signatures
• Vulnerabilities