Answer Threat Intelligence questions with Gemini

Gemini can answer threat intelligence questions about topics such as threat actors, their associations, and their behavior patterns, including questions about MITRE ATT&CK tactics, techniques, and procedures (TTPs).

Threat intelligence answers are limited to the information available in your Google SecOps product edition, so answers to the same question can vary between editions. In particular, editions other than Enterprise Plus do not include full access to Mandiant and VirusTotal data, so their threat intelligence coverage is more limited.

Enter your questions into the Gemini pane.

  1. Enter a threat intelligence question. For example: What is UNC3782?

  2. Review the results.

  3. Investigate further by asking Gemini to create queries that search for specific IOCs referenced in the threat intelligence reports. The threat intelligence available to you depends on the entitlements in your Google SecOps license.

Example: Threat intelligence and security questions

  • Help me hunt for APT 44
  • Are there any known attacker tools that use RDP to brute force logins?
  • Is 103.224.80.44 suspicious?
  • What types of attacks may be associated with CVE-2020-14145?
  • Can you provide details around buffer overflow and how it can affect the target machine?
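As an added illustration of the kind of query step 3 asks Gemini to produce (this rule is not content from the original page and not output generated by Gemini), the following YARA-L 2.0 detection rule hunts for network connections involving the IP address from the example question above. The rule name, match window, and field choices are assumptions for illustration, and the IP is only the page's example value, not a confirmed indicator.

```yara-l
// Added example: a YARA-L 2.0 rule that hunts for the example IOC
// 103.224.80.44 in network-connection events. Rule name, match window
// and field choices are assumptions for illustration, not page content.
rule hunt_example_ioc_ip {
  meta:
    author = "example"
    description = "Flags hosts that connected to or from the example IOC IP"
    severity = "Medium"

  events:
    $e.metadata.event_type = "NETWORK_CONNECTION"
    // UDM stores IP addresses as repeated fields; equality matches any element.
    ($e.principal.ip = "103.224.80.44" or $e.target.ip = "103.224.80.44")
    $host = $e.principal.hostname

  match:
    // Group matching events per host over a one-hour window.
    $host over 1h

  outcome:
    $event_count = count($e.metadata.id)
    $target_ips = array_distinct($e.target.ip)

  condition:
    $e
}
```

Before enabling a rule like this, test it against historical data in the Rules Editor and confirm the indicator is still current in the threat intelligence report it came from; an IP that was malicious at report time may have been reassigned since.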

Gemini and MITRE

The MITRE ATT&CK® knowledge base documents the TTPs used by real-world cyber adversaries, and the ATT&CK Matrix organizes those techniques by tactic. It helps you understand how your organization might be targeted and provides a standardized vocabulary for discussing attacks.

You can ask Gemini questions about MITRE tactics, techniques, and procedures (TTPs) and receive contextually relevant answers that include the following MITRE details:

  • Tactic
  • Technique
  • Sub-technique
  • Detection suggestions
  • Procedures
  • Mitigations

Gemini returns a link to the curated detections that Google SecOps makes available for each TTP. You can also ask Gemini follow-up questions to gain additional insight into a MITRE TTP and how it might affect your enterprise.

Delete a chat session

You can delete your current chat session or all of your chat sessions. Gemini keeps all user conversation histories private and adheres to Google Cloud's responsible AI practices. User history is never used to train models.

  1. In the Gemini pane, select Delete chat from the menu at the top right.
  2. Click Delete chat at the bottom right to delete the current chat session.
  3. (Optional) To delete all chat sessions, select Delete all chat sessions and then click Delete all chats.

Provide feedback

You can provide feedback on responses generated by Gemini AI investigation assistance. Your feedback helps Google improve the feature and the output that Gemini generates.

  1. In the Gemini pane, select the thumbs up or thumbs down icon.
  2. (Optional) If you select thumbs down, you can add additional feedback about why you chose the rating.
  3. Click Send feedback.