Skip to main content

Google Threat Intelligence: Step 1.2 - Direction | Admin Setup

  • September 11, 2024
  • 0 replies
  • 472 views
Digital-Customer-Excellence
Staff
Forum|alt.badge.img+7

Table of Contents

 

124092i27BFE389057D7DF1.png

This section of Google Threat Intelligence Onboarding, will go over the Administrators’ steps in setting up accounts, configurations, management of roles, and establishing privileges.

 

Prerequisites

Access to the Homepage and its features, requires the user to have access, and a valid authentication. Users must be provided access and authentication from the organization’s administrator(s).

 

Actions

124093i078C64EBB4B403FD.png

Configure User/Group Settings

Google Threat Intelligence has two types of premium users. They consist of regular users, known as “Members” and “Admins”. Administrators have additional privileges to manage their organization’s Google Threat Intelligence Group.

 

Prerequisites

Access to My Group Section under User Menu requires having a valid account and access. 

Steps
  1. In the section of the User Menu, users must click My Group in the drop down menu on the top right corner.
  2. In the My Group section, all actions are restricted to administrators.
  3. Once in My Group, users can find the following information in the Group Preferences section:
    1. Organization
    2. Group ID
    3. Agreement Company Name
    4. Domain Name
    5. Auto Add Emails
  4. Administrators can only edit the following sections under the Group Preferences section:
    1. Organization
    2. Domain Name
    3. Auto Add Emails
  5. Administrators can change all five fields under the Settings tab of the My Groups page.
Relevant Documentation Links

 

 

124094i989345DEF6CF9AB7.png

Manage User Privileges/ Roles

Google Threat Intelligence has two types of premium users. They consist of regular users, known as “Members” and “Admins”. Administrators have additional privileges to manage their organization’s Google Threat Intelligence Group.

 

Prerequisites

Access to My Group Section under User Menu requires having a valid account and access.

Steps
  1. In the section of the User Menu, users must click My Group in the drop down menu on the top right corner.
  2. In the Users tab, under the Group Members section users can see the entire list of group members.
  3. Additionally, in the Group Members section, users can search for members from the Search Query bar.
  4. To the right of the Search Query bar, shown members can be filtered by security settings in the All Security Settings dropdown menu which provides three filtering options:
    1. All Security Settings
    2. 2FA Active
    3. 2FA Inactive
  5. Next to this filtering option is another dropdown menu with other two filtering options:
    1. All Member
    2. Group Admins
  6. If a user’s role needs to be changed, Admins can go to the User sub-section in the Group Members section. Admins can edit a user’s role (Group role) by clicking on its current role and selecting the appropriate one between Member and Admin.
Relevant Documentation Links

 

 

124095i4EFC49340CBBA2D4.png

Manage User API Keys

Google Threat Intelligence API Notions on the web interface. There Admins can see a set of API v3 endpoints designed to automate most administrative tasks.

 

Prerequisites
  • Access to Users and Groups Administration documentation.
  • Usage requires authentication/authorization through the admin's API key.

Steps
  1. In the User Menu, users can select API Key from the drop down menu.
  2. In the API Key menu, users will see their API Key blurred at the top section titled Google Threat Intelligence Key. Users can select to:
    1. Show API Key
    2. Copy to Clipboard
  3. Here users can access their API Key and select many integrations, tests, and scripts for allowances, in the section titled API Quota Allowances For Your User, displayed to the right of the Group Allowances:
    1. API Reference
    2. Python Client
    3. Golang Library
    4. Command-line Interface
    5. Go Premium
    6. Use in Browser
    7. Discovery Feeds
    8. Other Services
  4. Additionally, there is an option for upgrading users’ API, by selecting Upgrade API124096iC263964A7E6C4D53.png
Relevant Documentation Links

 

 

124097i9291E39470DC2D29.png

Group Member Management

Google Threat Intelligence has a User and Group management section to add and edit account information.

 

Prerequisites

Access to My Group Section under User Menu requires having a valid account and access. 


Steps
  1. In this section, Users and Service Accounts can be added and removed.
  2. To add a new service account, go to the top right of the platform page, to the User Menu, and select My Group from the drop down menu.
  3. In same section, Admins can see important information about their Group Accounts. These tabs include:
    1. Users
    2. Usage
    3. API
    4. Settings
  4. Under the Users tab, there will be a button titled Add.
  5. Once clicked, a dropdown menu will appear, that allows users add a User or a Service Account, dependent on the type of account admins want to add.
  6. For User accounts, admins must specify the user's email address and user Group Role as a common User or an Admin before saving the request.
  7. For Service Accounts, admins must enter and specify a name for the Service Account.
  8. Once a user or service account name is entered, select Save.
Relevant Documentation Links

 

 

124098i601230E2648E5CC0.png

Single Sign On

Administrators need to be able to configure the Identity Provider for the Single Sign-on (SSO).

 

Prerequisites
  • Access to My Group Section under User Menu requires having a valid account and access.  
  • Google Threat Intelligence currently supports SSO authentication with the following services: (Google, GitHub, Twitter, Microsoft)


Steps
  1. Under User Menu, select My Group from the drop down menu.
  2. Select the Settings tab, on the page.
  3. In the sections below in the Single Sign-on section.
  4. Here admins can select an Identity Provider from the drop down menu.
  5. The options available are:
    1. *google.com
    2. *github.com
    3. *twitter.com
    4. *microsoft.com
    5. Other (SAML)
  6. For configuring SAML administrators, additional documentation can be found at:

https://gtidocs.virustotal.com/docs/saml-okta

https://gtidocs.virustotal.com/docs/saml-ping

Relevant Documentation Links

 

 

124099iE6990ED14F34A2FA.png

Understanding User/ Group Consumption

Users of Google Threat Intelligence need to have a certain allowance based on the service that their organization subscribed to. The monthly consumption metrics is displayed so admins can keep track of both group and individual user consumption.

 

Prerequisites

Access to My Group Section under User Menu requires having a valid account and access.  


Steps
  1. Under the User Menu tab, users will select My Group option from the drop down menu.
  2. On the My Group page, select the Usage tab.
  3. Directly below, the overall Group Usage of each Feature is displayed under the Usage tab, as Consumption Current Month.
  4. Here, users can observe several sections that breakdown the Group Usage by Feature. These sections are broken down into:
    1. Searches
    2. Downloads
    3. LiveHunt Rules
    4. RetroHunt Rules
    5. Diff (Threat Differentials)
    6. Private Scanning Files
    7. Private Scanning URLs
  5. Below the Consumption Current Month, users of a Group can see the Consumption by User based on the usage of each Feature, by individual users.
Relevant Documentation Links

 

 

Next Step: Google Threat Intelligence: Step 1.3 - Direction | Threat Landscape

Previous Step: Google Threat Intelligence: Step 1.1 - Direction | Onboarding

Terms & ConditionsCookie settingsAccessibility statement
Privacy Policy Terms of Service Gen AI Policy Community Guidelines Cookie Settings

© 2025 Google. All rights reserved.