Prerequisites

Access requires users have access, and a valid authentication. Users must be provided access and authentication from the organization’s administrator(s).

Steps

1. On the main page of Google Threat Intelligence Platform, go to the Left Navbar to select Reports and Analysis.
2. The Reports page will appear, with three sections: 
   1. Search Query bar
   2. Filters 
   3. Reports list
3. At the top left of the page users can see the Search Query bar. Here users can enter searches by:
   1. Name
   2. Owner
   3. Description
   4. Tags
4. Below the Search Query bar users will see the Filter selection dropdown lists.
5. The first Filter is an important selection as it is where users can select the Origin of the Report.
6. The first tab selection dropdown list is where users can select where the Report is sourced from. Users can select Reports from:
   1. Google Threat Intel
      • Google Threat Intelligence Reporting
   2. Partner
      • Peer Threat Intelligence Reporting
   3. Crowd-sourced
      • Open-source (OSINT) Reporting
7. These selections can help users determine the confidence in the reporting, and establish the trustworthiness of the intelligence information.
8. The remaining Filters can allow users to select from a variety of options:
   1. Industries
   2. Target Regions
   3. Source Regions
   4. Threat Category
   5. Creation Date
   6. Lookups Trends
9. Below the Filters is the Reports section, that consists of Summary and Activity information.
10. Each Report in the list has the following information in the List view:
    1. Title
    2. Origin (Source Type)
    3. Number of IOCs associated
    4. Update Date/Time Group
    5. Activity Graph
11. Users will select a Report and a popup page will appear. At the top of the popup page, users will see the Report Overview with the following options:
    1. Follow
    2. Share & Visibility
    3. Download
    4. Open in Graph
12. Below the Report Overview, users will see the following tabs:
    1. Summary consisting of:
       • Report’s Info
       • Description
       • Details
       • Last 2 weeks Activity
       • Targets
       • Timeline
         *The Summary selection of Partner Origin page will have additional information of:
       • Associations
       • Other Sightings 
         *The Summary selection of the Google Threat Intelligence Origin page will have additional information of:
       •  Associations
       • Relevant Reporting
    2. Content
    3. Associations
    4. IOCs
    5. Activity
    6. Rules
    7. TTPs (MITRE ATT&CK layout)
    8. Reporting
    9. Community
13. The TTPs selection will allow users to see the TTPs in MITRE ATT&CK layout by Operational or Seen in IOCs views.
14. To the right of the Search Query bar in TTPs page, users will see an option to select Open in MITRE Navigator, which will allow users to see the associated TTPs in MITRE ATT&CK’s ATT&CK Navigator, which will allow MITRE to see the associated TTPs.
15. There will be a popup warning users that the  Open in MITRE Navigator selection will allow a Third-Party to see the TTPs associated with the reporting.

Relevant Documentation Links

• All Steps: https://gtidocs.virustotal.com/docs/get-started-reports-analysis