Google Threat Intelligence

Supercharge Splunk SOAR with Google Threat Intelligence by integrating real-time IOCs, breach insights, and threat actor data from VirusTotal, Mandiant, and Google for automated, context-rich responses

Supported Actions

• test connectivity: Test connectivity with Google Threat Intelligence
• on poll: Ingest data from IOC Stream, DTM Alerts, and ASM Issues
• scan private file: Privately scan and analyze a file to retrieve associated threat intelligence
• get ioc report: Publicly scan and fetch the report for an IP address, URL, domain, or file
• get comments: Fetch comments for an IP address, URL, domain, or file
• get vulnerability associations: Fetch vulnerabilities related to an IP address, URL, domain, or file
• get file sandbox report: Fetch the behavior report for a given file
• scan private url: Privately scan and analyze a URL to retrieve associated threat intelligence
• get curated associations: Fetch curated threat actors, malware families, campaigns, and reports for an IP address, URL, domain, or file
• add comment: Add a comment to an IP address, URL, domain, or file
• delete comment: Delete a specific comment
• get passive dns data: Fetch passive DNS data for a domain or IP address
• get vulnerability report: Fetch the vulnerability report for a given vulnerability ID
• update dtm alert status: Update the status of a DTM alert
• update asm issue status: Update the status of an ASM issue