
Guys, I want to fetch 3rd-party threat intel data into my Google SecOps and make a list from it which will get updated every 24 hours.

Can anyone guide?

Review this list of parsers to see if your feed is there:
https://cloud.google.com/chronicle/docs/ingestion/parser-list/supported-default-parsers
And this is a great entry in the community blog series New to SecOps: Building Rules with Your Own Threat Intel

Also take a look at this video: Operationalize Google's threat intelligence in Chronicle Security Operations


@kentphelps how can I integrate STIX Threat Intelligence? Any steps? Kindly please share.


You should be able to ingest with an ingestion script via Cloud Run Functions:
https://cloud.google.com/chronicle/docs/ingestion/ingest-using-cloud-functions#stixtaxii
https://github.com/chronicle/ingestion-scripts/tree/main/stix_taxii

 

@kentphelps link shows a parser exists for STIX - https://cloud.google.com/chronicle/docs/ingestion/parser-list/stix-changelog. From there, you should be able to use the STIX data in your rules as @kentphelps shared in the threat intel rule link.

