Google

With the Google Calendar Playbook app, you can quickly query calendars for free time and scheduling a meeting. This often happens as part of a security investigation as an incident escalates or handoff event. An analyst can check availability on a shared calendar and then use the Create Meeting action to add a new meeting during an available window to keep the case moving along. This will help security teams save time and work more efficiently through investigations. 

The following actions are available:

• Create Meeting - Inserts a meeting with attendees on the Meeting Owner's calendar.
• Query Free Time - Retrieves free time for all attendees.

This app can be found in the ThreatConnect App Catalog under the name: Google Calendar

With the Google Drive Playbook app, you can easily drive investigations and automate actions for folders and files within the Google suite. Easily automate tasks like creating a new directory on Google Drive to store related evidence or artifacts, or copying a document over to store and update during the investigation.

The following actions are available:

• Create Directory - Creates a new directory (folder) in Google Drive.
• Copy File - Copies an existing file into a new directory.

This app can be found in the ThreatConnect App Catalog under the name: Google Drive

The Polarity - Google Drive integration enables analysts to search Google Drive for documents related to any keywords or indicators. Allowing analysts to quickly traverse through documents in specific knowledge management repositories to see what documents might reference an indicator or a keyword(s).

Examples

Google Drive Data Overview

• Document Preview: When clicking into the details view of the Google Drive integration analysts can get a quick preview of the document and then link back the document in Google Drive.
• Summary Tags: Quickly reference the title of any documents that contain the indicator or keywords that were looked up by Polarity.

With the Google Gmail integration you can easily integrate with Gmail so that you can automate email investigation and response actions by ingesting Gmail messages into ThreatConnect to orchestrate phishing triage and investigative actions.

The following actions are available:

• Delete Messages - This action allows the user to permanently delete one or more messages.
• Get Attachment - Retrieve an attachment by attachment ID.
• Get Message- Retrieve a message by its message ID.
• Add Labels - Add labels to one or many messages.
• Remove Labels - Remove labels from one or many messages.

This app can be found in the ThreatConnect App Catalog under the name: Google Gmail

The Polarity - Google Gemini integration allows for analysts to ask a question to Gemini and get back an AI driven answer. Allowing analysts to quickly ask Google Gemini questions about anything that they think they want an answer from Googles state of the art AI.

Examples

Google Gemini Data Overview

• Summary Tags: The Google Gemini integration works by asking Gemini a question, the question can be anything as long as it ends in a question mark. When the search comes back the associated summary tag will be the question that was asked.
• AI Response: The response from Gemini will be in the details of the integration. The response is behind a prompt to allow for companies to ensure that the question is appropriate. Once the prompt is accepted then Gemini will respond back in real time. Allow the analysts to quickly see the answer.

From there analysts can interact with Gemini and ask follow up questions and information.

The Polarity - Google Maps integration enabled analysts to quick geolocate information whenever they come across an address or a Lat Long. Enabling them to pull up Google Maps directly to navigate and see the area in question.

Examples

Google Maps Data Overview

• Summary Tags: Quickly know the address of a Lat Long if there is one associated, and know the Lat Long of an Address. Being able to quickly understand the inverse of an address.
• Map: The Polarity Google Maps integration enables analysts to see exactly where the address is on the map, and be able to interact with the map and scroll to see what could be located around the address/lat long.

The Polarity - Google Search integration utilizes the Google Custom Search Engine to search Google for anything that an analyst cares about never having to pivot out to Google to run searches on things.

Please check out the reference links for all the sites the integration utilizes.

For more on Google Custom Search Engines, please see: https://developers.google.com/custom-search/v1/overview

Examples

Google Search Data Overview

• Summary Tags: When an analyst searches information with the Google Search integration they can quickly tell the number of results associated.
• Search Results: If an analyst is interested in learning more about the searches, they can drill into the details and see the results of the searches. They can click on the "View in Browser" button to view the entire search results versus what is in Polarity.

The Polarity - Google Custom Search Engine integration allows analysts to search any custom Google Search Engine they have setup. Allowing analysts to get complete insights into searches that matter to their workflows.

Examples

Google Custom Search Data Overview

• Summary Tags: When searching for things with the Google Custom Search integration analysts will quickly know the number of associated Google search results.
• Results: When drilling into the details of the integration, analysts can quickly see the most popular search results, pivot directly to those or view the entire search.

The Polarity - Google Security Operations integration allows automated queries to the Events, Assets, and IOC Details endpoints in Security Operations' API from the Polarity user interface. The integration helps analysts quickly triage information from Security Operations to get the full picture of what might be occurring with indicators in their environment.

Examples

Google Security Operations Asset Data Overview

• Summary Tags: When running a search for an indicator in Google Security Operations, analysts quickly understand how many assets are associated with the indicator in your network.
• Asset Information: When drilling into the details of the Google Security Operation integration, analysts will be able to see more details on the assets associated with the indicator searched.

Google Security Operations Event Data Overview

• Summary Tags: When running a search for an indicator in Google Security Operation analysts quickly be able to understand how many events are associated with the indicator in your network.
• Event Details: When drilling into the details of the Google Security Operation integration, analysts will be able to see the events triggered that are associated with the indicator.

The Polarity - Google Translate integration enables analysts to quickly translate any text to a language of their choice. Enabling analysts to quickly get an understanding of what adversaries are doing.

Examples

Google Translate Data Overview

• Summary Tags: Quickly know what language was identified.
• Translated Output: See the output of the text you wanted analyzed by Google Translate.