In the fourth quarter of 2024, Google Threat Intelligence delivered several updates that helped users prioritize alerts and investigate threats more quickly. Below you will find a brief overview of each update that was delivered in the quarter.
Cut Through the Noise with Gemini Alert Summarization

Reduce alert fatigue and accelerate threat investigation with Gemini Digital Threat Monitoring alert summarization. Digital Threat Monitoring now provides concise summaries of all alerts from the open, deep, and dark web, enabling your security team to efficiently prioritize and assess potential threats. Quickly identify critical issues, even across multiple languages, and streamline your incident response workflow. Learn more in our documentation.
Find the Threat Intelligence You Need, Fast

Conduct searches for threat actors, malware, vulnerabilities and more in Google Threat Intelligence with a new, comprehensive search function. Search key terms and get a wide range of information, from Gemini summaries enriched with curated reports and community references to threat objects and indicators of compromise. Our new Google Threat Intelligence search references reports and analysis, vulnerabilities, crowdsourced rules, and threat graphs. Learn more in our documentation.
Get more relevant threat profile recommendations and customization enhancements

Focus on the threats most relevant to your organization. Take control of your threat profile with new customization enhancements and threat profile recommendations! Fine-tune your threat profile by selecting the categories and the number of matches that matter most to you. Get highly relevant recommendations for actors, malware, vulnerabilities, and campaigns tailored precisely to your industry, region, and more. We've also improved our recommendation engine to ensure you only see the most pertinent threat actors, saving you valuable time and effort. Learn more in our documentation.
Other updates include
Detection Highlights - Mandiant is enhancing Google Threat Intelligence's detection capabilities by integrating YARA rules and malware configuration extraction.
Score searches and YARA matching - Use the single, unified verdict produced by Google Threat Intelligence to create tailored custom IoC threat feeds based on Google's curated threat data.
Capa Explorer - Provides a framework for the community to encode, recognize, and share behaviors that have been seen in malware to figure out what a program does.
JA4 fingerprinting and reverse IoC searches over the entire threat dataset - JA4 is a suite of network fingerprinting methods that include both human- and machine-readable intelligence to facilitate more effective threat hunting and analysis.
Google Insights: Cryptomining malware - Get an enhanced view to recognize IP addresses associated with the latest cryptomining malware.
Interactive malware analysis in Private Scanning (sandbox detonation) - Manual interaction allows you to connect to the detonation virtual machine during analysis and use the cursor and keyboard to act on windows, challenges, and other elements that could be limiting in automated analysis.
Weekly pro-Russia hacktivism coverage - To improve your visibility into the pro-Russia hacktivism threat, we have extended our periodic reports with a weekly Pro-Russia Hacktivism Threat Activity Tracker.
Google Threat Intelligence app for vulnerability response in ServiceNow - Prioritize vulnerabilities effectively by knowing whether Google has seen the vulnerability exploited in the wild.
IoC analysis feeds include assessment, score and verdict - These feeds are available as an add-on to your Google Threat Intelligence Enterprise+ license and will now include the Google Threat Intel assessment, score and verdict for each indicator, along with all the previously available metadata.
Learn more about these updates and stay up-to-date with all Google Threat Intelligence product updates by checking out the release notes area in our documentation.
