Incoming feed - Threat Landscape

Note

This article describes how to configure incoming feeds for a particular feed source. To see how to configure incoming feeds in general, see Create and configure incoming feeds.


Specifications

Transport type

VirusTotal Google Threat Intelligence Provider

Content type

Stix 2.1

Ingested data

Retrieves Indicators, Threat Actor, Malware and other objects.

Processed data

Indicators, Malware, Attack Pattern, Threat Actor and relationships.

Description

Retrieve and process information on indicators of compromise and related entities.

Note

This integration supports the Threat Landscape part of GTI. For details, refer to the documentation.

Threat Actors and Campaigns are only available to users with the Google Threat Intelligence (Google TI) Enterprise or Enterprise Plus licenses…

Configure the Incoming feed

  1. Create an Incoming feed.

  2. From the Transport type drop-down menu, select VirusTotal Google Threat Intelligence Provider.

  3. From the Content type drop-down menu, select Stix 2.1.

  4. The API URL field is automatically filled in with the default domain for the endpoint: https://www.virustotal.com/api/v3/collections.

  5. In the API key field, enter your GTI API key. Sign up to the Google Threat Intelligence Platform to automatically be assigned a personal API key to access the GTI API.
    If necessary, contact the intelligence provider to subscribe to the service and to obtain this information, along with any required authentication and authorization credentials.

  6. Select the Start ingesting from field, use the drop-down calendar to select a start date, and set a start time. The feed will fetch content from the stream starting from the time you specified.

  7. To store your changes, select Save.