Skip to main content

Table of Contents

 

124056iBEF12E91C779BFD4.png

This section of Google Threat Intelligence Onboarding, will go over the Digital Threat Monitoring section DTM is a powerful cybersecurity solution designed to identify data leaks, discussions about your organization, and emerging attack patterns before they make an impact.

By following this brief guide, users will be able to get a better understanding of how DTM works and how to get it initially configured with some of the most commonly utilized monitors.

Prerequisites

  • Access to the Homepage and its features, requires the user to have access, and a valid authentication. Users must be provided access and authentication from the organization’s administrator(s). 
  • Define the user’s Monitor Topics: Carefully choose the monitor topics and keywords to ensure DTM focuses on the most relevant information. Consider including:
    • Your organization's name and variations
    •  Key brands and products
    • Registered web domains
    • Executive names (VIP users)
    • Organization-specific terms
    • Network Information (External IP addresses or ranges)
  • If a user doesn't have this information, they cannot start to build monitors

Actions

124057i8B30D6745AA535DB.png

Research Tools

Google Threat Intelligence’s Digital Threat Monitoring (DTM) is a powerful cybersecurity solution designed to identify data leaks, discussions about your organization, and emerging attack patterns from open-source, dark web, and raw data that Google Threat Intelligence has collected.

 

 

Prerequisites

Access requires users have access, and a valid authentication. Users must be provided access and authentication from the organization’s administrator(s).


Steps
  1. On the main page of Google Threat Intelligence Platform, go to the Left Navbar to select Digital Threat Monitoring.
  2. In the dropdown menu, users will select Research Tools tab and explore. This is done so users understand and focus on what matters and reduce false positives.
  3. To conduct a Search, go to the Search Query box, just below the section title Research Tools, and enter a search. 
  4. Under the Search Box, users can enter from a range of subject items, including:
    1. Pastes
    2. Forums
    3. Emails
    4. Stores
    5. Web Content
  5. On the left pane, users can utilize search Filters to refine their search, including:
    1. Date Range
    2. Collection Type
    3. Threat Type
  6. kSelect one of the results and a new page will appear that will show an Overview page for the selected result, with an Overview tab and a Raw (JSON) tab with the affiliated Raw (JSON) information.
  7. The Overview tab will show three sections of the result, showing the following content:
    1. Characterization
    2. Source Information
    3. Content
  8. The Content section will include two views:
    1. Message Thread
    2. Raw Text View
  9. Research Tools will provide the user with relevant information needed to define their Monitor Topics.
Relevant Documentation Links

 

 

124058iA68FDD99B38492A6.png

124059i5A2E683C10DB7A36.png

Define and Set Up Monitors

Google Threat Intelligence’s Digital Threat Monitoring (DTM) allows users to setup standardized templates or create their own monitors. This gives users the capability to build effective Monitors that help their organization discover and be alerted of potential threats .

 

 

Prerequisites

Access requires users have access, and a valid authentication. Users must be provided access and authentication from the organization’s administrator(s).


Steps
  1. On the main page of Google Threat Intelligence Platform, go to the Left Navbar to select Digital Threat Monitoring.
  2. In the dropdown menu, users will select the Monitors tab and see the Monitors page.
  3. Users will see under the Monitors tab, there are ten options in the Select a Monitor section.
  4. These option consist of several pre-configured options that consist of:
    1. Cards Shops
    2. Compromised Credentials
    3. Data Leaks
    4. Deep & Dark Web
    5. Domain Protection
    6. Initial Access Broker
    7. Netblocks & Domains
    8. Ransomware Threats
    9. Supply Chain Compromise
  5. To select a pre-configured Monitor, users will select one of the options below Select a Monitor. 
  6. For the pre-configured Monitors, many of the fields in the Create a Monitor page will be filled in, with the option to edit those fields.
  7. These fields include:
    1. Monitor type
    2. Description
    3. Monitor Configuration
  8. The Monitor Configuration section have condition fields.
  9. In the Monitor Configuration section, users will first select to Search by Collection Type.
  10. Then users will choose if the Collection Type conditions Must Equal or Must Not Equal the different Collection Sources (Domain Discovery, Emails, Web Content, etc) based on the Collection Type.
  11. When complete, users will be able to select from Test Monitor or Create Monitor.
  12. Additionally, the users will have the capability to Create a Custom Monitor, that has topic values and conditions, without pre-configured values.
  13. The process and fields are similar to pre-configured options.
  14. To Create a New Monitor, users must provide a Monitor Name and at least one matching condition.
  15. In the lower part of the Monitors screen, will be two sections:
    1. Your Monitors
    2. Deleted Monitors
  16. Those sections will show current and former Monitors for the user and allows for editing.
  17. Optional: Users can create an Email Alert Notification on the Create a Monitor page.
  18. To enable Email Notifications, users must first configure Email Alert Notification settings using the link at the top of the Alert List.
Relevant Documentation Links

 

 

124060i5A98189CCA9390A7.png

Review and Respond

Google Threat Intelligence’s Digital Threat Monitoring (DTM) allows users to setup notifications for their alerts, build their own delivery schedule based on their needs with both immediate notification or scheduled delivery, and take appropriate action to mitigate risks.

 

 

Prerequisites
  • Access requires users have access, and a valid authentication. Users must be provided access and authentication from the organization’s administrator(s).
  • Monitors have to be created in order to receive alerts.

Steps
  1. On the main page of Google Threat Intelligence Platform, go to the Left Navbar to select Digital Threat Monitoring.
  2. In the dropdown menu, users will select the Alerts tab and see the Alerts page.
  3. If Monitors have not been created, then there will be no alerts in the Alerts main page.
  4. To filter Alerts, users can select Search filters or enter a Search query in the Search bar below the Alerts tab.
  5. In the top right corner of the Alerts page, users can change the settings of their Email Alert Notifications.
  6. Below the Alerts tab at the top of the page, users can select Date range for the search.
  7. On the left side of the Alerts page, is a Filters selection menu, to select the following options:
    1. Status
    2. Attributes
    3. Severity
    4. Alert Type
  8. Users can also sort their alerts by Severity level and Time Created.
Relevant Documentation Links

 

 

Next Step: Google Threat Intelligence: Step 2.2 - Collection | Vulnerability Intelligence 

Previous Step: Google Threat Intelligence: Step 2 - Collection Overview

Be the first to reply!

Reply


Terms & ConditionsCookie settings
Privacy Policy Terms of Service Gen AI Policy Community Guidelines Cookie Settings

© 2025 Google. All rights reserved.