I’m exploring Google Threat Intelligence capabilities and I want to understand if it’s possible to set up custom rules or alerts that specifically track vulnerabilities for particular products (e.g., a certain software or hardware vendor).
For example, I’d like to be notified whenever a new CVE affecting a specific product is reported, rather than monitoring general threat feeds.
Is there a way to configure Google Threat Intelligence to focus on selected products? Are there any best practices or limitations I should be aware of?
Thanks in advance for any guidance!
Best answer by Rob_P
Hi @desertfalcon -
This highly requested functionality is on our 2026 roadmap for Threat Profiles. This way, you could add a specific vendor or product stack to your Threat Profile, and as soon as we learn about a new vulnerability for that product it would be added there. Right now you can track a specific vulnerability and add that to your Threat Profile. While I recognize it's not quite the use case solution you’re looking for, it's an alternative if you want to track any changes for a specific or known CVE.
Additionally, you can subscribe to the Vulnerability Digest report in your Google Threat Intelligence settings by going to your Profile Icon > Email Notifications > Vulnerability Digest. You can set this for the Risk Ratings, but not per technology or vendor.
This highly requested functionality is on our 2026 roadmap for Threat Profiles. This way, you could add a specific vendor or product stack to your Threat Profile, and as soon as we learn about a new vulnerability for that product it would be added there. Right now you can track a specific vulnerability and add that to your Threat Profile. While I recognize it's not quite the use case solution you’re looking for, it's an alternative if you want to track any changes for a specific or known CVE.
Additionally, you can subscribe to the Vulnerability Digest report in your Google Threat Intelligence settings by going to your Profile Icon > Email Notifications > Vulnerability Digest. You can set this for the Risk Ratings, but not per technology or vendor.
