Table of Contents
This section of Google Threat Intelligence Onboarding, will go over Vulnerability Intelligence function. Google Threat Intelligence empowers users to prioritize patching and mitigation efforts by providing empirical risk scoring, highly contextualized correlations to other indicators of compromise (IOCs), and continuously updated reporting on vulnerabilities.
By following this brief guide, you will be able to get a better understanding of how Vulnerability Intelligence works and how to get it initially setup.
Prerequisites
Access to the Homepage and its features, requires the user to have access, and a valid authentication. Users must be provided access and authentication from the organization’s administrator(s).
Actions
Explore Vulnerabilities
Google Threat Intelligence’s Vulnerability Intelligence section allows users to prioritize patching, and implement mitigations efforts through continuous updates and reporting of vulnerabilities. Here users can maintain awareness of the latest and most severe vulnerabilities, tracked by Google Threat Intelligence.
Prerequisites
Access requires users have access, and a valid authentication. Users must be provided access and authentication from the organization’s administrator(s).
- On the main page of Google Threat Intelligence Platform, go to the Left Navbar to select Vulnerability Intelligence.
- The Vulnerability Intelligence page will appear with entity tabs and three sections:
- Search Query bar
- Filters
- Summary
- At the top of the page users can see the Search Query bar under the Vulnerabilities tab. Here users can enter searches by:
- Name
- Owner
- Description
- Tags
- Below the Search Query bar users will see the Filter selection dropdown lists.
- The first Filter is an important selection as it is where users can select the Origin of the Vulnerability reporting:
- Google Threat Intel
- Google Threat Intelligence Reporting
- Partner
- Peer Threat Intelligence Reporting
- Crowd-sourced
- Open-source (OSINT) Reporting
- Google Threat Intel
- The remaining Filters can allow users to select from a variety of options:
- Industries
- Target Regions
- Source Regions
- Threat Category
- Creation Date
- Lookups Trends
- To the right of Lookups Trends dropdown tab, users will have see an Actions, but only after selecting a Vulnerability from the list in the Summary section.
- The Actions will consist of:
- Follow New IOCs in Your IOC Stream
- Additionally Send Email Notifications…
- If users select to send email notifications, they will enter an email address or multiple.
- Users will then select to receive One Email per IOC Added.
- Or users will choose Daily Digest to receive a daily email in their inbox with all the new IOCs added to the entity.
- Each Vulnerability page will have the following actions at the top-right of the page:
- Follow
- Share & Visibility
- Download (All IOCs as…)
- JSON
- CSV
- STIX
- Open in Graph
- This page has multiple tabs to select to view specific details:
- Summary
- Associations
- IOCs
- Products and Fixes
- Activity
- Rules
- TTPs
- Reporting
- Community
- This page has multiple sections in the main area of the page:
- Vulnerability’s Info
- Exploitation Details
- Summary & Analysis
- Description
- CVSS Score
- Details
- Last 2 Weeks Activity
- Targets
- Timeline
- Relevant Reporting
Relevant Documentation Links
- All Steps: https://gtidocs.virustotal.com/docs/vulnerabilities
- Additional Documentation: https://gtidocs.virustotal.com/docs/vulnerabilities#explore-vulnerabilities
Next Step: Google Threat Intelligence: Step 3 - Analysis Overview
Previous Step: Google Threat Intelligence: Step 2.1 - Collection | Digital Threat Monitoring