The Google Threat Intelligence Module

The Google Threat Intelligence (GTI) Module allows you to import the reports you are interested in into your Liberty91 tenant. You have fine-tuned control over what type of report from what kind of source you'd like to include.

To start importing GTI reports, you need a paid-for subscription with Google.

Find your API-key by going to https://www.virustotal.com/, then click on your username in the topright of the screen, and select API-key in the drop-down menu.

You will be able to see your API-key use here. Your actual key is blurred, but you can unblur by clicking on the eye. You don't actually need to though: just click on the 'copy' icon next to the eye icon, and it will be stored in your clipboard.

Next, go to https://platform.liberty91.com/modules and select the Google Threat Intelligence Module from the Collection Modules.

Drop the API-key you've copied from VirusTotal in the API-key field in the GTI Module here:

Next, select the TYPE of reports you want to include. We recommend keeping OSINT Articles and Patch Reports unchecked, because of the number of reports involved. Turning this on will quickly clog and dominate your Liberty91 dashboards.

Next, choose the source types you want to include. Google Threat Intelligence reports on a lot of different topics, and includes open source reporting in their feed as well. If you really want to, you can ingest these reports in Liberty91 as well, but we strongly advise against it: they are included through other modules already anyway and will overwhelm your Liberty91 tenant.

Finally, click 'update'. If everything works, you will see "Google Threat Intelligence Module is active" appear under the page title.

Turning on this module will consume 96 API-calls per day, or 2976 per month (one per 15 minutes). New reports will immediately start being ingested. If you also want to activate importing the results of your VirusTotal LiveHunts, you can do that in the VirusTotal Module.