Google Threat Intelligence: Step 1.1 - Direction |...

GCSCommunity · a week ago

Prerequisites

Access to the Homepage and its features, requires the user to have access, and a valid authentication. Users must be provided access and authentication from the organization’s administrator(s).

Actions

Registration

Google Threat Intelligence platform has an offering to sign up and create an account in the Footer section of the main page. This will navigate the user to a Virus Total: Join our community page.

Prerequisites

Organizations or users interested in signing up for Google Threat Intelligence need to have personal and organizational information readily available to enter into the request form.

Steps

On the Main Page of the Google Threat Intelligence platform, users who do not have a Google Threat Intelligence authentication and are attempting to Sign Up for the platform, those users will see a Join Our Community sign up page.
Users are asked to input the following information:
1. First Name
2. Last Name
3. Email (Organizational)
4. Username
5. Password
6. Repeat Password
Users are directed to read and agree to the Terms of Service and Privacy Notice, then select the confirmation box.
Click the icon titled Join Us.
Users will receive an email once completed, welcoming them to VirusTotal (Google Threat Intelligence).
When users get an account, and do not belong to their organization’s Google Threat Intelligence group, they must request their organization’s Google Threat Intelligence Group administrator add them to their Google Threat Intelligence group, and will receive an email to join the group.

Relevant Documentation Links

All Steps: https://www.virustotal.com/gui/join-us

Prerequisites Organizations or users interested in signing up for Google Threat Intelligence need to have personal and organizational information readily available to enter into the request form. Steps On the Main Page of the Google Threat Intelligence platform, users who do not have a Google Threat Intelligence authentication and are attempting to Sign Up for the platform, those users will see a Join Our Community sign up page. Users are asked to input the following information: First Name Last Name Email (Organizational) Username Password Repeat Password Users are directed to read and agree to the Terms of Service and Privacy Notice, then select the confirmation box. Click the icon titled Join Us. Users will receive an email once completed, welcoming them to VirusTotal (Google Threat Intelligence). When users get an account, and do not belong to their organization’s Google Threat Intelligence group, they must request their organization’s Google Threat Intelligence Group administrator add them to their Google Threat Intelligence group, and will receive an email to join the group. Relevant Documentation Links All Steps: https://www.virustotal.com/gui/join-us

Navigation Familiarity

Google Threat Intelligence has a user-friendly platform homepage, that provides four main areas for users. The Top Bar, Left Navbar (Menu), Main Section, and Footer. This navigation allows users to perform many tasks in one interface.

Prerequisites

Access to the Homepage and its features, requires the user to have access, and a valid authentication. Users must be provided access and authentication from the organization’s administrator(s).

Steps

1. In the Top Bar, users will discover the following elements:

Search Box
Smart Search
Managed Services
Upload Files
Notifications
Contact Support
User Menu

- Profile
- API Key
- Settings
- My Group
- Sign Out

2. Users can see the name of each section when computer cursor hovers over each element.

3. On the left-side of the homepage, users will see the Left Navbar (Menu) and discover the following features:

Threat Landscape
IoC Investigation
Report & Analysis
Threat Graph
Private Scanning
Vulnerability Intelligence
Attack Surface Management
Digital Threat Monitoring
Dashboards
API Key
Technology Integrations
Documentation
Support

4. The Main Section allows the users to utilize the search capability. Users can search for Indicators of Compromise (IOCs) in this section:

File hashes
Domains
IPs
URLs
Malware families
Threat actors
CVEs
Other malicious observations

5. Smart Search is identified by the icon,next to the search bar.

6. Users can upload files to analyze.

7. Threat Profiles, IOC Collections, and Reports, can be accessed below the Search Bar.

8. At the Footer section, users can gain access to many useful links, tools, and documentation. Users can find these under the following columns:

a. Google Threat Intelligence

- Contact Us | Get Support
- Sign up / Create Account
- ToS | Privacy Notice
- Blog | Release Notes

b. Popular Workflows

- Check IoCs via API
- Search for any Intel
- Create a Threat Profile
- Track Malware/Actors

c. Tools

- API Command-line
- YARA

d. Intel Offerings

- Incident Response
- Expertise Request
- Security Validation
- Managed Defense
- Applied Threat Intel in Chronicle

e. Documentation

- Getting Started
- Knowledge Base
- API Reference
- YARA Docs

Relevant Documentation Links

All Steps: https://gtidocs.virustotal.com/docs/google-threat-intelligence-navigation#4-footer-links

Prerequisites Access to the Homepage and its features, requires the user to have access, and a valid authentication. Users must be provided access and authentication from the organization’s administrator(s). Steps 1. In the Top Bar, users will discover the following elements: Search Box Smart Search Managed Services Upload Files Notifications Contact Support User Menu - Profile - API Key - Settings - My Group - Sign Out 2. Users can see the name of each section when computer cursor hovers over each element.3. On the left-side of the homepage, users will see the Left Navbar (Menu) and discover the following features: Threat Landscape IoC Investigation Report & Analysis Threat Graph Private Scanning Vulnerability Intelligence Attack Surface Management Digital Threat Monitoring Dashboards API Key Technology Integrations Documentation Support 4. The Main Section allows the users to utilize the search capability. Users can search for Indicators of Compromise (IOCs) in this section: File hashes Domains IPs URLs Malware families Threat actors CVEs Other malicious observations 5. Smart Search is identified by the icon,next to the search bar. 6. Users can upload files to analyze.7. Threat Profiles, IOC Collections, and Reports, can be accessed below the Search Bar.8. At the Footer section, users can gain access to many useful links, tools, and documentation. Users can find these under the following columns: a. Google Threat Intelligence - Contact Us | Get Support- Sign up / Create Account- ToS | Privacy Notice- Blog | Release Notes b. Popular Workflows - Check IoCs via API- Search for any Intel- Create a Threat Profile- Track Malware/Actors c. Tools - API Command-line- YARA d. Intel Offerings - Incident Response- Expertise Request- Security Validation- Managed Defense- Applied Threat Intel in Chronicle e. Documentation - Getting Started- Knowledge Base- API Reference- YARA Docs Relevant Documentation Links All Steps: https://gtidocs.virustotal.com/docs/google-threat-intelligence-navigation#4-footer-links

GTI API Key

Google Threat Intelligence possesses several different APIs, but Google allows users to use their Google Threat Intelligence API Key for any requests.

Prerequisites

Users must register with Google Threat Intelligence.
Users must create an account
Users must sign into their account

Steps

Google Threat Intelligence users must sign into their account.
Go to the Top Bar section of the main page of the platform, on the top right-hand side.
Click the User Menu section, and a drop down menu will appear.
Select API Key from the drop down menu.
The API Key page will appear, where users can find the API Key under the section titled Google Threat Intelligence API Key.
The API Key will be masked with a blurred out cover.
There will be two icons next to the blurred out cover, that will allow users to see the API Key, by selecting Show Key. Users can also select Copy to make a copy of the API Key.
Additional option sections on this page include:
1. API Quota Allowances (For your user)
2. Consumption Quota Usage over last 30 days.

Relevant Documentation Links

All Steps: https://www.virustotal.com/gui/my-apikey

Prerequisites Users must register with Google Threat Intelligence. Users must create an account Users must sign into their account Steps Google Threat Intelligence users must sign into their account. Go to the Top Bar section of the main page of the platform, on the top right-hand side. Click the User Menu section, and a drop down menu will appear. Select API Key from the drop down menu. The API Key page will appear, where users can find the API Key under the section titled Google Threat Intelligence API Key. The API Key will be masked with a blurred out cover. There will be two icons next to the blurred out cover, that will allow users to see the API Key, by selecting Show Key. Users can also select Copy to make a copy of the API Key. Additional option sections on this page include: API Quota Allowances (For your user) Consumption Quota Usage over last 30 days. Relevant Documentation Links All Steps: https://www.virustotal.com/gui/my-apikey

Next Step: Google Threat Intelligence: Step 1.2 - Direction | Admin Setup

Previous Step: Google Threat Intelligence: Step 1 - Direction Overview