Google SecOps

This integration enables users to leverage Silent Push threat intelligence within Google SecOps to enrich security events and alerts with contextual threat data, automate incident investigation, and enhance detection and response workflows.

Key Features

The Silent Push Google SecOps application provides access to the following data types:

  • Domain and IP information: Includes risk scores, live WHOIS data, and certificate details to assess the security posture of domains and IPs.

  • Reputation data: Provides insights into the trustworthiness of ASNs, nameservers, and subnets.

  • Enrichment data: Offers comprehensive details for domains, IPv4, and IPv6 addresses, including DGA Probability, Alexa rank, registration details, and security flags.

  • Passive DNS (PADNS) data: Enables access to passive DNS records, enriched metrics like IP diversity, and support for forward/reverse PADNS lookups and density lookups.

  • Infratag details: Delivers infrastructure tag information, with optional clustering, to analyze domain-related connections.

  • Indicators of Future Attack (IOFA) Feeds: Supplies feeds for proactive threat detection and attack prevention.

  • URL scanning: Supports live URL scans to retrieve metadata and capture screenshots for threat analysis.

  • Scan Data: Allows querying Silent Push's scan data repositories using SPQL syntax.

Benefits

  • Automated workflows: Streamlines investigation and response with real-time Silent Push enrichment.

  • Enhanced threat analysis: Adds risk scores, historical context, and infrastructure tagging directly into Google SecOps cases.

  • Proactive monitoring: Leverages IOFA feeds to detect threats before they materialize.

  • Flexible querying: Full SPQL support for custom threat hunting within playbooks.

Requirements

  • Google SecOps Instance

  • Silent Push Platform API Credentials

  • Silent Push Threat Check Access Key (Optional)

Installation

  • In Google SecOps, navigate to Content Hub → Response Integrations.

  • Search for and install the Silent Push package.

  • Click Configure and follow the prompts to enter your Silent Push API credentials.