Applied Threat Intelligence (ATI) helps you identify and respond to threats. It continually
analyzes and evaluates your security telemetry against Indicators of Compromise
(IoCs) curated by Mandiant threat intelligence.
When ATI is enabled, Google Security Operations ingests IoCs curated
by Mandiant threat intelligence that have an Indicator Confidence Score (IC-Score) greater than 80. When a match is found, an alert is generated. You can then investigate the IoC on the IoC matches page, which displays possible IoC matches for domains, IP addresses,
file hashes, and URLs. Information about the IoC is displayed, including:
GCTI priority
IC-Score
Associations
Campaigns
You can also view detailed information about the events that triggered the IoC match, information from the threat intelligence source,
and the rationale for the IC-Score. For more information, see View IoCs using Applied Threat Intelligence.
Google SecOps curated detections evaluate your event data against
Mandiant threat intelligence data, and generates an alert when one or more rules
identify a match to an IoC with an Active Breach or High priority.
To use Applied Threat Intelligence, do the following:
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-29 UTC."],[[["\u003cp\u003eApplied Threat Intelligence helps identify and respond to threats by analyzing security telemetry against Mandiant threat intelligence IOCs.\u003c/p\u003e\n"],["\u003cp\u003eWhen enabled, it ingests IOCs with an IC-Score over 80, generating alerts upon finding a match.\u003c/p\u003e\n"],["\u003cp\u003eThe IOC Matches page displays matches for domains, IP addresses, and file hashes, providing details like GCTI Priority and IC-Score.\u003c/p\u003e\n"],["\u003cp\u003eGoogle Security Operations SIEM curated detections trigger alerts when event data matches an IOC with an Active Breach or High label.\u003c/p\u003e\n"],["\u003cp\u003eUsing Applied Threat Intelligence requires enabling curated detections and using the IOC matches page to investigate alerts.\u003c/p\u003e\n"]]],[],null,["# Applied Threat Intelligence overview\n====================================\n\nSupported in: \nGoogle secops [SIEM](/chronicle/docs/secops/google-secops-siem-toc)\n\nApplied Threat Intelligence (ATI) helps you identify and respond to threats. It continually\nanalyzes and evaluates your security telemetry against Indicators of Compromise\n(IoCs) curated by Mandiant threat intelligence.\n\nWhen ATI is enabled, Google Security Operations ingests IoCs curated\nby Mandiant threat intelligence that have an [Indicator Confidence Score](https://cloud.google.com/chronicle/docs/detection/understand-ic-score) (IC-Score) greater than 80. When a match is found, an alert is generated. You can then investigate the IoC on the **IoC matches** page, which displays possible IoC matches for domains, IP addresses,\nfile hashes, and URLs. Information about the IoC is displayed, including:\n\n- GCTI priority\n- IC-Score\n- Associations\n- Campaigns\n\nYou can also view detailed information about the events that triggered the IoC match, information from the threat intelligence source,\nand the rationale for the IC-Score. For more information, see [View IoCs using Applied Threat Intelligence](/chronicle/docs/detection/ati-view-ioc-page).\n| **Important:** Applied Threat Intelligence in Google SecOps is available with a Google SecOps Enterprise Plus license.\n\nGoogle SecOps curated detections evaluate your event data against\nMandiant threat intelligence data, and generates an alert when one or more rules\nidentify a match to an IoC with an *Active Breach* or *High* priority.\n\nTo use Applied Threat Intelligence, do the following:\n\n1. Enable the [Applied Threat Intelligence curated detections](/chronicle/docs/detection/ati-curated-detections).\n2. Investigate alerts using the [**IOC matches** page](/chronicle/docs/detection/ati-view-ioc-page).\n\nYou can also learn more about how the IC-Score is assigned in the [IC-Score overview](/chronicle/docs/detection/understand-ic-score).\n\n**Need more help?** [Get answers from Community members and Google SecOps professionals.](https://security.googlecloudcommunity.com/google-security-operations-2)"]]
