
Hello community, 

I'm new to the SOAR part of Google SecOps and I'm starting with the creation of a playbook for an IOC-based detection. I came across the Gemini summary page and noticed the malicious verdict. I was expecting to use a VirusTotal enrichment block to get this verdict, but now I am wondering how Gemini/GSOAR arrives at it and whether this can be used inside a playbook/block.

Maybe someone already came across this? 


Thank you! 

/Max

Hi @maxjunker, it does not validate this IP anywhere; for this summary the AI is using the information available in the Case/Alerts/Events. If it is a wrong conclusion based on the available information, you can rate this summary to leave feedback.


Thank you, @f3rz. The verdict is correct, as I simulated this case by contacting an IP address in the global context.

Am I right that this verdict cannot be used inside a playbook?


@maxjunker, you are right; at the moment it is not possible. I know that we have a Feature Request open internally. I would recommend that you open a Support Ticket requesting an Issue Tracker link so you can track the progress of the implementation of the feature.

