Skip to main content

Google Threat Intelligence

Threat Intelligence

The Google Threat Intelligence connector integrates with the VirusTotal platform to synchronize real-time vulnerability threat data and ASM (Attack Surface Management) search issue findings and entity assets into the Brinqa platform. It uses the VirusTotal API v3 to retrieve CVE records from vulnerability collections, security issues from the ASM search issues endpoint, and asset entities from the ASM search entities endpoint.

The connector synchronizes the following categories of data:

  • CVE Records — Vulnerability intelligence from the /api/v3/collections endpoint (collection_type: vulnerability)
  • Vulnerability Findings (ASM) — Search issues with category vulnerability, along with their definitions
  • Violation Findings (ASM) — Search issues with categories other than vulnerability, threat, and leak, along with their definitions
  • Alert Findings (ASM) — Search issues with categories threat and leak, along with their definitions
  • ASM Entity Assets — 27 asset entity types from the /api/v3/asm/search/entities/ endpoint, filtered by scoped:true hidden:false

Data retrieved from Google Threat Intelligence

Connector ObjectRequiredMaps to Data Model
Alert (ASM)YesAlert
Alert Definition (ASM)YesAlert Definition
Api EndpointYesApi Endpoint
App EndpointYesSite
Autonomous SystemYesCloud Resource
Aws EC2 InstanceYesHost
Aws Rds Db InstanceYesHost
Aws S3 BucketYesCloud Resource
Azure Storage AccountYesCloud Resource
Azure Virtual MachineYesHost
CveRecordYesCve Record
Dns RecordYesSite
DomainYesSite
Email AddressYesPerson
GCP API GatewayYesCloud Resource
GCP App Engine ApplicationYesCloud Resource
GCP Cloud FunctionYesCloud Resource
GCP Cloud SQL InstanceYesHost
GCP Compute Engine InstanceYesHost
GCP Storage BucketYesCloud Resource
Github AccountYesCloud Resource
Github RepositoryYesCode Project
Ip AddressYesHost
NameserverYesSite
Net BlockYesIp Range
Network ServiceYesHost
Ssl CertificateYesSite Certificate
Unique KeywordYesCloud Resource
Unique TokenYesCloud Resource
UriYesSite
Violation (ASM)YesViolation
Violation Definition (ASM)YesViolation Definition
Vulnerability (ASM)YesVulnerability
Vulnerability Definition (ASM)YesVulnerability Definition

Model relationships

note

For detailed steps on how to view the data retrieved from Google Threat Intelligence in the Brinqa Platform, see How to view your data.