Question

Ingesting 3rd Party Threat Intel feeds

  • September 6, 2025
  • 3 replies
  • 156 views

Berges

Guys, I want to fetch 3rd-party threat intel data into my Google SecOps and make a list from it which will get updated every 24 hours.

Can anyone guide me?

3 replies

kentphelps
  • Staff
  • September 7, 2025

Review this list of parsers to see if your feed is there:
https://cloud.google.com/chronicle/docs/ingestion/parser-list/supported-default-parsers
And this is a great entry in the community blog series New to SecOps: Building Rules with Your Own Threat Intel

Also take a look at this video: Operationalize Google's threat intelligence in Chronicle Security Operations


Berges
  • Author
  • New Member
  • September 7, 2025

@kentphelps How can I integrate STIX threat intelligence? Any steps? Kindly please share.


cmorris
  • Staff
  • September 9, 2025

You should be able to ingest with an ingestion script via Cloud Run Functions - https://cloud.google.com/chronicle/docs/ingestion/ingest-using-cloud-functions#stixtaxii
https://github.com/chronicle/ingestion-scripts/tree/main/stix_taxii

 

@kentphelps's link shows a parser exists for STIX - https://cloud.google.com/chronicle/docs/ingestion/parser-list/stix-changelog. From there, you should be able to use the STIX data in your rules, as @kentphelps shared in the threat intel rule link.
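
Added example (not part of this thread, and not the code in the chronicle/ingestion-scripts repository linked above): what a 24-hour refresh has to do with a STIX 2.1 bundle before it becomes a usable list, namely keep only indicators that are currently valid and drop revoked or expired ones. The bundle, the helper names (`_ind`, `_ts`, `active_iocs`) and all values are constructed for illustration; fetching from a TAXII server and loading the result into Google SecOps are assumed to happen elsewhere.

```python
import json
import re
from datetime import datetime, timezone

# Simple equality comparisons only, e.g. [ipv4-addr:value = '198.51.100.7'].
# MATCHES/LIKE/IN operators and escaped quotes are deliberately not handled.
COMPARISON = re.compile(r"([a-z0-9-]+):([A-Za-z0-9_.'-]+)\s*=\s*'([^']*)'")

def _ind(n, pattern, **extra):
    # Builds one constructed STIX 2.1 indicator for the sample bundle below.
    return {"type": "indicator", "spec_version": "2.1",
            "id": f"indicator--00000000-0000-4000-8000-{n:012d}",
            "pattern_type": "stix", "pattern": pattern,
            "valid_from": "2025-09-01T00:00:00Z", **extra}

# Constructed sample data (documentation addresses and .example names, not real intel).
SAMPLE_BUNDLE = json.dumps({"type": "bundle",
    "id": "bundle--00000000-0000-4000-8000-000000000000", "objects": [
    {"type": "identity", "id": "identity--00000000-0000-4000-8000-000000000099",
     "name": "Constructed Feed"},
    _ind(1, "[ipv4-addr:value = '198.51.100.7']"),
    _ind(2, "[domain-name:value = 'Malware.example' OR domain-name:value = 'c2.example']"),
    _ind(3, "[domain-name:value = 'malware.example']", valid_until="2025-12-01T00:00:00Z"),
    _ind(4, "[ipv4-addr:value = '203.0.113.9']", valid_until="2025-09-05T00:00:00Z"),
    _ind(5, "[ipv4-addr:value = '192.0.2.44']", revoked=True),
]})

def _ts(value):
    # STIX timestamps are RFC 3339 in UTC with a trailing "Z".
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def active_iocs(bundle_text, now):
    """Return sorted, de-duplicated (object_type, value) pairs from live indicators."""
    found = set()
    for obj in json.loads(bundle_text).get("objects", []):
        if obj.get("type") != "indicator" or obj.get("pattern_type") != "stix":
            continue  # skip identities, relationships, non-STIX patterns
        if obj.get("revoked") or _ts(obj["valid_from"]) > now:
            continue  # withdrawn by the producer, or not yet valid
        if "valid_until" in obj and _ts(obj["valid_until"]) <= now:
            continue  # expired: must drop out of the refreshed list
        for obj_type, _path, value in COMPARISON.findall(obj["pattern"]):
            found.add((obj_type, value.lower() if obj_type == "domain-name" else value))
    return sorted(found)

if __name__ == "__main__":
    for row in active_iocs(SAMPLE_BUNDLE, datetime(2025, 9, 9, tzinfo=timezone.utc)):
        print(*row, sep=",")
```

Rebuilding the list from the full bundle on each run, rather than only appending, is what lets expired and revoked indicators age out.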