
Alert Center integrated with VirusTotal is now available

What’s changing 

Earlier this year, Google pre-announced the integration between the Alert Center and VirusTotal. Currently, the Alert Center gives Google Workspace customers' administrators real-time, actionable alerts and insights about security-related activity in their domain. With the VirusTotal integration (VirusTotal is now part of Google Cloud), administrators can investigate their alerts at a deeper level.

When an Alert Center message contains a supported VirusTotal entity, such as a domain, attachment, or IP address, the VirusTotal report enrichment widget (VT Augment) will be available directly in the Alert Center. For paid VirusTotal subscribers, the enhanced version of the report will auto-populate.


The Standard version of the VirusTotal report includes:

  • Observable identifiers — Characteristics and identifiers that allow you to reference the threat and share it with other analysts (e.g. file hashes).
  • Threat reputation — Maliciousness ratings from over 70 security vendors, including antivirus solutions, security companies, network blocklists, etc.
  • Threat time spread — Key dates that tell you when a particular threat was first observed in the wild and how long it was active.
  • Domain/IP Whois Lookup — Registrar and registrant details for domains, as well as ownership and network coverage information for IP addresses.
  • Domain and server security-related metadata — HTTPS certificates for web servers, the web servers' DNS resolution records, and HTTP headers.

The enhanced version of VirusTotal reports includes additional features such as:

  • Multi-perspective detection — Additional threat analysis from crowdsourced rule matches and community scoring (e.g. YARA, Sigma, and IDS rules).
  • Related indicators of compromise (IOCs) — Examples of IOCs include network infrastructure used for malware file delivery, servers acting as command and control for a given threat, malicious URLs seen under a given domain, domains seen behind a given IP address, and much more.
  • Interactive Threat Graph — A graphical format that outlines entire threat campaigns by visualizing relationships between IOCs.
  • Security-related metadata — Includes software publisher information, identification of malicious macros in documents, popularity ratings for domains, domain content classifications, etc.
  • In-the-wild details — Geographical and time spread details for threats, common attacker deception techniques, and more, via VirusTotal submission metadata.
  • Suspicious attribute pivoting — Clickable details in the VirusTotal report, allowing you to explore the global VirusTotal dataset to find other threats with the same attributes.

Visit the Help Center to learn more about how to use the VirusTotal security threat context and reputation reports from the Alert Center for enhanced threat identification, rapid investigation and decision-making, enhanced threat remediation, and proactive defense.

Who’s impacted

Admins 

Why it’s important

VirusTotal integration provides an additional layer of investigation on top of existing alerts, allowing administrators to take a deeper look at threats and potential abuse, helping them better protect their organization and data.

Additional details

VirusTotal provides an investigation layer on top of alerts but is not used directly for detection or alerting. No customer information is shared from Google with VirusTotal unless an administrator clicks to retrieve the VirusTotal report for a specific entity.

VirusTotal reports are available in two versions: Standard and Enhanced. Standard reports are displayed to administrators with Alert Center privileges. The Enhanced version is automatically displayed to paid VirusTotal subscribers who have an active virustotal.com login session using their VT Enterprise user accounts.

For existing VirusTotal Enterprise customers, viewing the VirusTotal report in the Alert Center does NOT use any of your VirusTotal Enterprise quota. If an administrator opens the VirusTotal website from the Alert Center to do more research, that will count towards standard quota usage in the same way as accessing virustotal.com directly.

Getting started

  • Admins: VirusTotal reports are available to admins with Alert Center privileges. 
  • End User: No end user impact.

Release time

  • Rapid Release and Scheduled Release Domains: Gradual rollout (up to 15 days for feature exposure) starting July 26, 2021.

Availability

  • Available to Google Workspace Business Plus, Enterprise Standard, Enterprise Plus, Education Fundamentals, and Education Plus
  • Not applicable to Google Workspace Essentials, Business Starter, Business Standard, Enterprise Essentials, Frontline, and Nonprofits, and G Suite Basic and Business customers

Source: Gimasys
