Applied Threat Intelligence helps you identify and respond to threats. It continually
analyzes and evaluates your security telemetry against indicators of compromise
(IOCs) curated by Mandiant threat intelligence.
When Applied Threat Intelligence is enabled, Google Security Operations SIEM ingests IOCs curated
by Mandiant threat intelligence with an IC-Score greater than 80. When a match is
found, an alert is generated, and you can then investigate the match using the IOC matches page.
The IOC Matches page displays possible IOC matches for domains, IP addresses, and
file hashes. The page includes information about the match, including the following:
- GCTI Priority
- Indicator Confidence Score (IC-Score)
- Associations
- Campaigns

You can view detailed information about events that triggered the match,
information from the threat intelligence source, and the rationale behind the IC-Score.
Google Security Operations SIEM curated detections evaluate your event data against
Mandiant threat intelligence data and generate an alert when one or more rules
identify a match to an IOC with either the Active Breach or High label.
To use Applied Threat Intelligence, do the following:
- Enable curated detections.
- Use the IOC matches page to investigate alerts.

Last updated 2025-03-06 UTC.