# The Google Threat Intelligence Module

The Google Threat Intelligence (GTI) Module allows you to import the reports you are interested in into your Liberty91 tenant. You have fine-tuned control over what type of report from what kind of source you'd like to include.

To start importing GTI reports, you need a paid-for subscription with Google. 

Find your API-key by going to <https://www.virustotal.com/>, then click on your username in the topright of the screen, and select API-key in the drop-down menu.&#x20;

<div align="center"><figure><img src="/files/Hx4zRRnLQXtuieXKrf6n" alt="" width="105"><figcaption><p>Click on API-key</p></figcaption></figure></div>

You will be able to see your API-key use here. Your actual key is blurred, but you can unblur by clicking on the eye. You don't actually need to though: just click on the 'copy' icon next to the eye icon, and it will be stored in your clipboard.

<figure><img src="/files/09P3IkO5FiR0vRp86i1L" alt=""><figcaption></figcaption></figure>

Next, go to <https://platform.liberty91.com/modules> and select the Google Threat Intelligence Module from the Collection Modules.

Drop the API-key you've copied from VirusTotal in the API-key field in the GTI Module here:&#x20;

<figure><img src="/files/UelzjM3UawTkgHyjI0Ou" alt=""><figcaption></figcaption></figure>

Next, select the TYPE of reports you want to include. We recommend keeping OSINT Articles and Patch Reports unchecked, because of the number of reports involved. Turning this on will quickly clog and dominate your Liberty91 dashboards.

<figure><img src="/files/xXfSU0ZWyZhqoTLwZU9M" alt=""><figcaption></figcaption></figure>

Next, choose the source types you want to include. Google Threat Intelligence reports on a lot of different topics, and includes open source reporting in their feed as well. If you really want to, you can ingest these reports in Liberty91 as well, but we strongly advise against it: they are included through other modules already anyway and will overwhelm your Liberty91 tenant.

<figure><img src="/files/ZQm7OdHSTrh7gwVJeRmF" alt=""><figcaption></figcaption></figure>

Finally, click 'update'. If everything works, you will see "Google Threat Intelligence Module is active" appear under the page title.

Turning on this module will consume 96 API-calls per day, or 2976 per month (one per 15 minutes). New reports will immediately start being ingested. If you also want to activate importing the results of your VirusTotal LiveHunts, you can do that in the [VirusTotal Module](/modules/collection-modules/the-virustotal-module.md).


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.liberty91.com/modules/collection-modules/the-google-threat-intelligence-module.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.