Applied Threat Intelligence overview

Applied Threat Intelligence (ATI) helps you identify and respond to threats. It continually analyzes and evaluates your security telemetry against Indicators of Compromise (IoCs) curated by Mandiant threat intelligence.

When ATI is enabled, Google Security Operations ingests IoCs curated by Mandiant threat intelligence that have an Indicator Confidence Score (IC-Score) greater than 80. When a match is found, an alert is generated. You can then investigate the IoC on the IoC matches page, which displays possible IoC matches for domains, IP addresses, file hashes, and URLs. Information about the IoC is displayed, including:

  • GCTI priority
  • IC-Score
  • Associations
  • Campaigns

You can also view detailed information about the events that triggered the IoC match, information from the threat intelligence source, and the rationale for the IC-Score. For more information, see View IoCs using Applied Threat Intelligence.

Google SecOps curated detections evaluate your event data against Mandiant threat intelligence data and generate an alert when one or more rules identify a match to an IoC with an Active Breach or High GCTI priority. A match against an ingested IoC with a lower priority still appears on the IoC matches page, but does not by itself produce a curated-detection alert.
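The two gates described above (ingest only IoCs with an IC-Score above 80; alert only on matches to Active Breach or High priority IoCs) are easy to get backwards when triaging, so the following added example models them in plain Python. It is not Google SecOps or Mandiant code: the event field names are a constructed UDM-like shape, the IoC feed and events are constructed sample data, and the distinction between an "IoC match" (any hit on an ingested IoC) and an "alert" (a hit on an Active Breach or High IoC) is this example's own modelling of the paragraphs above.

```python
from dataclasses import dataclass

# Thresholds taken from the page text: ingest only IoCs with IC-Score > 80, alert only when
# the GCTI priority is Active Breach or High. Constants of this example, not a product API.
MIN_IC_SCORE = 80
ALERTING_PRIORITIES = {"Active Breach", "High"}


@dataclass(frozen=True)
class Ioc:
    itype: str        # one of "domain", "ip", "hash", "url" (the types the IoC matches page shows)
    value: str
    ic_score: int     # Indicator Confidence Score, 0-100
    priority: str     # GCTI priority, e.g. "Active Breach", "High", "Medium"
    campaign: str = ""


def normalize(itype: str, value: str) -> str:
    """Canonical form for comparison: domains and hashes compare case-insensitively."""
    value = value.strip()
    return value.lower() if itype in ("domain", "hash") else value


def ingest(feed):
    """Ingestion rule from the page: keep only IoCs with an IC-Score greater than 80."""
    return {(i.itype, normalize(i.itype, i.value)): i for i in feed if i.ic_score > MIN_IC_SCORE}


def event_indicators(event):
    """Pull (type, value) pairs out of a UDM-like event dict (constructed field names)."""
    found = []
    for side in ("principal", "target"):
        noun = event.get(side, {})
        if "hostname" in noun:
            found.append(("domain", noun["hostname"]))
        if "ip" in noun:
            found.append(("ip", noun["ip"]))
        if "url" in noun:
            found.append(("url", noun["url"]))
        if "sha256" in noun.get("file", {}):
            found.append(("hash", noun["file"]["sha256"]))
    return found


def match_events(iocs, events):
    """Return (matches, alerts): every hit on an ingested IoC, and the subset that alerts."""
    matches, alerts = [], []
    for event in events:
        for itype, value in event_indicators(event):
            ioc = iocs.get((itype, normalize(itype, value)))
            if ioc is None:
                continue
            hit = {"event_id": event["id"], "ioc": ioc}
            matches.append(hit)              # shown on the IoC matches page
            if ioc.priority in ALERTING_PRIORITIES:
                alerts.append(hit)           # raised as a curated-detection alert
    return matches, alerts


# Constructed sample feed and events; none of this is real Mandiant data.
SAMPLE_FEED = [
    Ioc("domain", "Login-Update.Example", 95, "Active Breach", "constructed-campaign-1"),
    Ioc("ip", "203.0.113.7", 90, "High", "constructed-campaign-1"),
    Ioc("hash", "E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855", 85, "Medium"),
    Ioc("url", "http://bad.example/login", 60, "High"),   # below the IC-Score threshold: never ingested
]

SAMPLE_EVENTS = [
    {"id": "evt-1", "principal": {"ip": "10.0.0.5"},
     "target": {"hostname": "login-update.example", "ip": "203.0.113.7"}},
    {"id": "evt-2", "principal": {"hostname": "ws-17"},
     "target": {"file": {"sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"}}},
    {"id": "evt-3", "principal": {"ip": "10.0.0.9"}, "target": {"url": "http://bad.example/login"}},
    {"id": "evt-4", "principal": {"ip": "10.0.0.9"}, "target": {"hostname": "www.example.com"}},
]


def run_sample():
    return match_events(ingest(SAMPLE_FEED), SAMPLE_EVENTS)


if __name__ == "__main__":
    matches, alerts = run_sample()
    for hit in matches:
        flag = "ALERT" if hit in alerts else "match"
        print(f"{flag}: {hit['event_id']} -> {hit['ioc'].itype} {hit['ioc'].value} "
              f"(IC-Score {hit['ioc'].ic_score}, priority {hit['ioc'].priority})")
```

Run stand-alone, the script reports two alerts for evt-1 (the Active Breach domain and the High IP), one non-alerting match for evt-2 (the hash is above the IC-Score threshold but only Medium priority), and nothing for evt-3, whose URL indicator was never ingested because its IC-Score is 60. When triaging, that last case is the one to remember: the absence of an alert for an indicator you know is bad can mean the indicator did not clear the ingestion threshold, not that no event touched it.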

To use Applied Threat Intelligence, do the following:

  1. Enable the Applied Threat Intelligence curated detections.
  2. Investigate alerts using the IoC matches page.

You can also learn more about how the IC-Score is assigned in the IC-Score overview.
