Cập nhật thay đổi Biểu tượng cảm xúc là một cách tuyệt vời để mọi…
Earlier this year, Google announced in advance the integration between the Alert Center and VirusTotal. The Google Workspace Alert Center now provides administrators with real-time alerts and actionable insights about security-related activity in their domain. With VirusTotal integration (now part of Google Cloud), admins have the ability to dig into their alerts on a deeper level.
When an Alert Center message contains a supported VirusTotal entity, such as a domain, attachment, or IP address, the VirusTotal report enrichment widget (VT Augment) will be available directly in the Alert Center. newspaper. For paid VirusTotal subscribers, the enhanced version of the report will auto-populate.
The Standard version of the VirusTotal report includes:
- Observable identities — Characteristics and identities that allow you to reference the threat and share it with other analysts (e.g. file hashes).
- Reputational Threats — Malicious ratings from over 70 security vendors, including anti-virus solutions, security companies, network block lists, etc.
- Threat propagation time — Key dates let you know when a particular threat was first observed in the wild and how long it was active.
- Domain/IP Whois Lookup — Registrar and registrant details for domains, as well as ownership and network coverage information for IP addresses.
- Domain and server security-related metadata — HTTPS certificate for web server, web server's DNS resolution records and HTTP headers.
The enhanced version of VirusTotal reports includes additional features such as:
- Multi-perspective detection — Additional threat analysis from crowdsourced rule matches and community scoring (e.g. YARA, Sigma, and IDS rules).
- Intrusion-related indicators (IOCs)—Examples of IOCs include malware file delivery network infrastructure, servers acting as command and control for a given threat , malicious URLs seen in a certain domain, domains seen after a certain IP address, and much more.
- Interactive Threat Graph — A graphical format that outlines entire threat campaigns by visualizing relationships between IOCs.
- Security-related metadata — Includes software publisher information, identification of malicious macros in documents, popularity ratings for domains, domain content classifications, etc.
- Wild details — Geographical and propagation time details for threats, common attacker deception techniques, and more, via VirusTotal sending metadata.
- Suspicious attribute rotation — Clickable detail in the VirusTotal report, allowing you to explore the global VirusTotal dataset to find other threats with the same attributes.
Visit the Help Center and learn more about how to use it VirusTotal security threat landscape and reputation report from Alert Center for enhanced threat identification, rapid investigation and decision-making, enhanced threat remediation, and proactive defense.
Why it’s important
VirusTotal integration provides an additional layer of investigation on top of existing alerts, allowing administrators to take a deeper look at threats and potential abuse, helping them better protect their organization and data than.
VirusTotal provides an investigation layer on top of alerts but is not used directly for detection or alerting. No customer information is shared from Google with VirusTotal unless an administrator clicks it to retrieve the VirusTotal report for a specific entity.
VirusTotal Reports are available in two versions: Standard and Advanced. Standard reports are displayed to administrators with alert center privileges. The Advanced Edition is automatically displayed to paid VirusTotal subscribers who have an active virustotal.com login session using their VT Enterprise user accounts.
For existing VirusTotal Enterprise customers, viewing the VirusTotal report in the alert center does NOT use any of your VirusTotal Enterprise quota. If an administrator opens the VirusTotal website to do more research from the Alert Center, that will count towards standard quota usage in the same way as accessing virustotal.com directly.
- Admins: VirusTotal reports are available to admins with Alert Center privileges.
- End User: No end user impact.
- Rapid Release and Scheduled Release Domains: Gradual rollout (up to 15 days for feature exposure) starting July 26, 2021.
- Available to Google Workspace Business Plus, Enterprise Standard, Enterprise Plus, Education Fundamentals and Education Plus customers
- Not applicable to Google Workspace Essentials, Business Starter, Business Standard, Enterprise Essentials, Frontline, and Nonprofits, and G Suite Basic and Business customers