
This section of Google Threat Intelligence Onboarding covers the administration of Google TI’s Threat Landscape functionality. It shows how to create threat profiles, receive notifications via email, and track updates to the threat profiles the organization is tracking.

Prerequisites

Access to the Homepage and its features requires that the user has been granted access and has valid authentication. The organization’s administrator(s) must provide users with access and authentication.

Actions


Threat Profile Creation

Google Threat Intelligence provides a tailored Threat Landscape by letting users create and define Threat Profiles and apply top-level filters for target Industries and target Regions. This assists organizations in identifying and defining the threats that are relevant to them.

 

Prerequisites

Access requires that users have been granted access and have valid authentication. The organization’s administrator(s) must provide users with access and authentication.


Steps
  1. On the main page of Google Threat Intelligence Platform, go to the Left Navbar to select Threat Landscape.
  2. In the dropdown menu, select My Threat Profiles.
  3. For first-time users, there will be sections to enter information, or autofill selections in a dropdown list from existing Projects.
  4. If users have not created any Threat Profiles, they will see an Introducing Threat Profiles splash page. This page shows a preview of the Threat Profiles page under a link titled “Show Preview.”
  5. In the middle of the page, users will see a display of two icons:
    1. View All Profiles
    2. Create Threat Profile
  6. Users will select Create Threat Profile, and Create Your Threat Profile will appear.
  7. In the first section, named Create your Threat Profile, users can name a threat profile in the entry box titled Name.
  8. Click the Next button.
  9. The next section is titled Choose your area of focus. Here users can Select an Industry or Select a Target Region to compile their personalized threat profile view.
  10. Select Save Threat Profile.
Relevant Documentation Links

 

 


Threat Profile Notifications

Google Threat Intelligence provides a tailored Threat Landscape by letting users create and define Threat Profiles. Users build a personalized Threat Landscape by creating customizable Threat Profiles from all of Google TI's threat intelligence, so they can focus only on the threats that matter most to their organization.

 

Prerequisites

Access requires that users have been granted access and have valid authentication. The organization’s administrator(s) must provide users with access and authentication.


Steps
  1. To track Threat Profile changes, users will go back to the Left Navbar to select Threat Landscape.
  2. In the dropdown menu, select My Threat Profiles.
  3. Select an existing Threat Profile. Users will see a page titled Your Threat Profile, with multiple categories to select from, depending on the type of Threat Profile:
    1. Actors
    2. Campaigns
    3. Malware
    4. Vulnerabilities
    5. Collections
    6. Reports
  4. Below those categories, users will see two tabs:
    1. Overview
    2. MITRE ATT&CK
  5. Below the Overview and MITRE ATT&CK tabs is a dropdown menu for:
    1. Recommended
    2. Added
  6. If users select Recommended in the Overview section, they will be able to see three sections:
    1. Your Threat Map
    2. What’s Changed
    3. Your Recommended Actors
  7. In the Your Recommended Actors section, users can download a .csv file of either:
    1. Indicators
    2. MITRE TTPs
  8. Those options can be accessed from the Download button or Take Action button in the Your Recommended Actors section.
  9. Users who select the MITRE ATT&CK tab of the Your Threat Profile section will see a display of the MITRE ATT&CK TTPs associated with the Threat Profile.
  10. At the top right of the page, users will have the option to download a .csv of the associated TTPs.
  11. If users select Added in the Overview section, they will be able to see two sections:
    1. Your Added Actors
    2. What’s Changed
  12. Users can manage Threat Profiles by going to the top right of the Your Threat Profile page and clicking on the Profile Switcher.
  13. Users can select the Create Threat Profile button as another method to create a Threat Profile.
  14. To manage a Threat Profile, users can select the Manage Threat Profile button.
  15. The Manage Threat Profile page will appear, where users can select a Threat Profile and choose to:
    1. Customize Threat Profile
    2. Copy Threat Profile
    3. Delete Threat Profile
Relevant Documentation Links

https://gtidocs.virustotal.com/docs/threat-profiles#explore-your-threat-landscape

https://gtidocs.virustotal.com/docs/threat-profiles#create-additional-threat-profiles

 

 


Track Threat Profile Changes

Google Threat Intelligence provides a tailored Threat Landscape by letting users create and define Threat Profiles. Users can track changes to objects in their Threat Profiles. Any changes are tracked and identified so that users stay up to date.

 

Prerequisites

Access requires that users have been granted access and have valid authentication. The organization’s administrator(s) must provide users with access and authentication.


Steps
  1. To track Threat Profile changes, users will go back to the Left Navbar to select Threat Landscape.
  2. In the dropdown menu, select My Threat Profiles.
  3. Select an existing Threat Profile. Users will see a page titled Your Threat Profile, with multiple categories to select from, depending on the type of Threat Profile:
    1. Actors
    2. Campaigns
    3. Malware
    4. Vulnerabilities
    5. Collections
    6. Reports
  4. Below those categories, users will see two tabs:
    1. Overview
    2. MITRE ATT&CK
  5. In the Overview section, users will see three sections, including one on the right-hand side titled What’s Changed.
  6. In the What’s Changed section, users can see any profiles or events that have had changes. The section also includes a search function.
  7. To receive email notifications of the changes, users will select the icon for the Setup Email Notifications button.
  8. This will bring users to the Account Settings page, where they can Add Email Notifications to track any changes.
Relevant Documentation Links

 

 


Explore Threat Actors

Google Threat Intelligence provides a tailored Threat Landscape by letting users create and define Threat Profiles and apply top-level filters for target Industries and target Regions. This assists organizations in identifying and defining the threats that are relevant to them.

 

Prerequisites

Access requires that users have been granted access and have valid authentication. The organization’s administrator(s) must provide users with access and authentication.


Steps
  1. On the main page of Google Threat Intelligence Platform, go to the Left Navbar to select Threat Landscape.
  2. A dropdown menu will appear, where users will select the Threat Actors feature. The Threat Landscape page will appear with entity tabs and three sections:
    1. Search Query bar
    2. Filters
    3. Summary
  3. To view Threat Landscape entities, users can select from the following:
    1. Threat Actors
    2. Malware & Tools
    3. Campaigns
    4. IOC Collections
  4. At the top of the page users can see the Search Query bar. Here users can enter searches by:
    1. Name
    2. Owner
    3. Description
    4. Tags
  5. Below the Search Query bar users will see the Filter selection dropdown lists.
  6. The first Filter is an important selection as it is where users can select the Origin of the Report.
  7. The first Filter is an important selection as it is where users can select the Origin of the Vulnerability reporting:
    1. Google Threat Intel
      1. Google Threat Intelligence Reporting
    2. Partner
      1. Peer Threat Intelligence Reporting
    3. Crowd-sourced
      1. Open-source (OSINT) Reporting
  8. The remaining Filters can allow users to select from a variety of options:
    1. Industries
    2. Target Regions
    3. Source Regions
    4. Threat Category
    5. Creation Date
    6. Lookups Trends
  9. To the right of Lookups Trends dropdown tab, users will see an Actions tab, but only after selecting a Threat Actor(s) from the list in the Summary section.
  10. The Actions will consist of:
    1. Follow New IOCs in Your IOC Stream
    2. Additionally Send Email Notifications…
  11. If users select to send email notifications, they will enter one or more email addresses.
  12. Users will then select to receive One Email per IOC Added.
  13. Or users will choose Daily Digest to receive a daily email in their inbox with all the new IOCs added to the entity.
Relevant Documentation Links

 

 


Additional Threat Landscape Entities

Google Threat Intelligence provides a tailored Threat Landscape by letting users create and define Threat Profiles and apply top-level filters for target Industries and target Regions. This assists organizations in identifying and defining the threats that are relevant to them.

 

Prerequisites

Access requires that users have been granted access and have valid authentication. The organization’s administrator(s) must provide users with access and authentication.

Steps
  1. On the main page of Google Threat Intelligence Platform, go to the Left Navbar to select Threat Landscape.
  2. The Threat Landscape page will appear with entity tabs and three sections:
    1. Search Query bar
    2. Filters
    3. Summary
  3. To view other Threat Landscape entities, users can select from the following:
    1. Threat Actors
    2. Malware & Tools
    3. Campaigns
    4. IOC Collections
  4. At the top of the page users can see the Search Query bar. Here users can enter searches by:
    1. Name
    2. Owner
    3. Description
    4. Tags
  5. Below the Search Query bar users will see the Filter selection dropdown lists.
  6. The first Filter is an important selection as it is where users can select the Origin of the Report.
  7. The first tab selection dropdown list is where users can select where the Report is sourced from. Users can select Reports from:
    1. Google Threat Intel
      1. Google Threat Intelligence Reporting
    2. Partner
      1. Peer Threat Intelligence Reporting
    3. Crowd-sourced
      1. Open-source (OSINT) Reporting
  8. The remaining Filters can allow users to select from a variety of options:
    1. Industries
    2. Target Regions
    3. Source Regions
    4. Threat Category
    5. Creation Date
    6. Lookups Trends
  9. The IOC Collections page will have two additional Filters of:
    1. Collection Type
    2. Visibility
  10. Below the Filters is the Summary section, which consists of Summary and Activity information.
Relevant Documentation Links

 

 


TTP Analysis

Google Threat Intelligence provides a tailored Threat Landscape by letting users create and define Threat Profiles and apply top-level filters for target Industries and target Regions. The TTP Analysis feature helps users explore Threat Actors and Malware on the basis of the MITRE ATT&CK® Framework.

 

Prerequisites

Access requires that users have been granted access and have valid authentication. The organization’s administrator(s) must provide users with access and authentication.


Steps
  1. On the main page of Google Threat Intelligence Platform, go to the Left Navbar to select Threat Landscape.
  2. In the dropdown menu, select TTP Analysis to display the Explore MITRE ATT&CK page, where users can explore threats in terms of adversary Tactics, Techniques, and Procedures (TTPs) based on real-world observations.
  3. At the top-left of the page, users can choose to explore:
    1. Actors
    2. Malware
  4. To view Actors, users will select Actors in the Actor Selection page, which will display all Actors currently tracked by Google Threat Intelligence.
  5. Users will see three sections in the Explore MITRE ATT&CK page:
    1. Selected Actors
    2. Filters
    3. Threat Actor List
  6. In the Selected Actors section, users can select Add All to select all Actors. This displays all Actors currently tracked by Google Threat Intelligence.
  7. To remove all Actors from the Selected Actors section, users will select Remove All.
  8. In the Filters section, users can select the following Filters:
    1. Search Query
    2. Last Reference Date
    3. Source Region
    4. Target Industry
    5. Target Region
    6. Associated Malware
    7. Associated Tools
  9. The Threat Actor List is similar to the Threat Actors section of the Threat Landscape feature, but has different selection functionality.
  10. On a Threat Actor’s card there are two options to select:
    1. View Details
    2. Select
  11. Users select different Threat Actors from the Threat Actor List by clicking the Select button on the Threat Actor card.
  12. Once users select a card to be part of their TTP Analysis, the card shows the Selected button to confirm the selection.
  13. All of the Selected Actors will appear in the Selected Actors section at the top of the page.
  14. Once all Threat Actors are selected for analysis, users will go to the Actor Selection and Analysis section at the top-right corner of the screen. In the Actor Selection page, users will see the Actor Selection button highlighted in blue.
  15. Users will select Analysis when ready to observe the relevant TTPs, displayed in a MITRE ATT&CK framework.
  16. Users will see four sections in the Analysis page:
    1. Selected Actors
    2. TTP count by Actor
    3. Download TTPs
    4. MITRE ATT&CK Framework
  17. The TTP count by Actor section contains a key with a color code that represents the TTPs in the form of a Heatmap, where users can see shared TTPs used by the Selected Actors.
  18. As an example, users can see that there are shared Techniques between two Selected Actors.
  19. This is done to show users the possible techniques to prioritize, or for Analysis of Competing Hypotheses.
  20. Users are able to download the Selected Actors' TTPs, in the form of a .csv file, by selecting Download TTPs, in the top-right of the Analysis page.
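
The shared-TTP count behind the Heatmap can be reproduced offline from the downloaded .csv, for example to rank techniques for detection coverage. The following is an added example, not part of the original page or of Google TI: the column names (actor, technique_id, technique_name) and the sample rows are assumptions constructed for illustration, so rename them to match the header row of the real export.

```python
import csv
import io
from collections import defaultdict

# Constructed sample standing in for a "Download TTPs" export. The column
# names are assumptions; adjust them to the header row of the real file.
SAMPLE_CSV = """actor,technique_id,technique_name
Actor A,T1566.001,Spearphishing Attachment
Actor A,T1059.001,PowerShell
Actor A,T1078,Valid Accounts
Actor B,T1566.002,Spearphishing Link
Actor B,T1059.001,PowerShell
Actor B,T1059.001,PowerShell
Actor C,T1566.001,Spearphishing Attachment
Actor C,T1486,Data Encrypted for Impact
"""


def actors_by_technique(csv_text, rollup=False):
    """Map each technique ID to the set of actors that use it.

    With rollup=True, sub-techniques (T1566.001) are counted under their
    parent technique (T1566), which surfaces overlap that exact IDs hide.
    """
    usage = defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        tid = (row.get("technique_id") or "").strip().upper()
        actor = (row.get("actor") or "").strip()
        if not tid or not actor:
            continue  # skip blank or malformed rows
        if rollup:
            tid = tid.split(".", 1)[0]
        usage[tid].add(actor)  # a set ignores duplicate rows
    return dict(usage)


def shared_techniques(csv_text, min_actors=2, rollup=False):
    """List (technique_id, actor_count) for techniques used by at least
    min_actors actors, most widely shared first, ties ordered by ID."""
    usage = actors_by_technique(csv_text, rollup)
    ranked = [(t, len(a)) for t, a in usage.items() if len(a) >= min_actors]
    return sorted(ranked, key=lambda item: (-item[1], item[0]))


if __name__ == "__main__":
    for tid, count in shared_techniques(SAMPLE_CSV, rollup=True):
        print(f"{tid}: used by {count} selected actors")
```

Techniques at the top of the ranking are the ones the Heatmap colors most strongly, and rolling sub-techniques up to their parent shows overlap between actors that use different variants of the same technique.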
Relevant Documentation Links

 

 

Next Step: Google Threat Intelligence: Step 1.4 - Direction | Attack Surface Management

Previous Step: Google Threat Intelligence: Step 1.2 - Direction | Admin Setup
