Google Emerging Threats Center Automates Detection Gaps
Category: Industry News
Google announced an Emerging Threats Center that converts real-world threat intelligence into synthetic events and replays them to test detection coverage across ATT&CK techniques such as T1190, T1566, and T1486. The tool identifies gaps in existing SIEM/XDR detections and proposes new rules automatically. It also reviews 12 months of historical telemetry to reveal whether an organization was previously exposed to emerging threats or zero-day activity. Closing those gaps reduces MTTD/MTTR and helps translate intelligence into operational defenses, particularly for teams overwhelmed during large-scale campaigns. Organizations should integrate the center into their detection-content review pipelines, tune the telemetry sources the rules depend on, and ensure human review before deploying AI-generated rules.
CORTEX Protocol Intelligence Assessment
Business Impact: Improves SOC efficiency by automating detection engineering and reducing the lag between intelligence and detection.
Technical Context: Relies on ATT&CK-aligned synthetic events and detection rule generation mapped to T1190, T1566, and T1486.
Strategic Intelligence Guidance
- Ensure comprehensive log coverage for accurate detection testing.
- Incorporate AI-generated detections into a governed review cycle.
- Map critical services to ATT&CK techniques for prioritization.
- Use outputs for board-level cybersecurity reporting.
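The coverage-testing loop described above (synthetic events tagged with the ATT&CK technique they emulate, replayed through the existing rule set, with a retro-hunt over historical telemetry) can be sketched in a few dozen lines. The block below is an added illustration, not code from Google's Emerging Threats Center; the events, rule logic, log-source names and history are all constructed here. It also covers the first guidance bullet: a technique whose only candidate rule reads a log source the environment does not ship is reported as `telemetry-missing` rather than silently counted as covered.

```python
"""Detection-coverage gap check driven by ATT&CK-tagged synthetic events.

Constructed example (not the Emerging Threats Center's own code). Each
synthetic event carries the ATT&CK technique it emulates and the log
source it would appear in. A technique is 'covered' when a rule for it
fires on its event, 'no-rule' when nothing targets it, 'rule-missed'
when a rule exists but does not fire, and 'telemetry-missing' when every
candidate rule needs a source the environment does not collect.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Callable

Event = dict  # flat key/value record, as a normalized SIEM event would be


@dataclass
class Rule:
    name: str
    technique: str                  # ATT&CK technique ID the rule targets
    source: str                     # log source the rule reads
    match: Callable[[Event], bool]  # detection logic over one event


# Constructed synthetic events, one per technique under test.
SYNTHETIC_EVENTS: list[Event] = [
    {"technique": "T1190", "source": "web_server", "uri": "/cgi-bin/test.cgi",
     "status": 500, "user_agent": "python-requests/2.31"},
    {"technique": "T1566", "source": "email_gateway",
     "attachment_ext": "html", "sender_domain_age_days": 3},
    {"technique": "T1486", "source": "edr", "process": "unknown.exe",
     "files_renamed_per_min": 1200, "ext": ".locked"},
]

# Constructed rule set: deliberately has nothing for T1486 (ransomware impact),
# so the report should surface it as a gap.
RULES: list[Rule] = [
    Rule("web_scanner_error_burst", "T1190", "web_server",
         lambda e: e.get("status", 0) >= 500
         and "python-requests" in e.get("user_agent", "")),
    Rule("phish_young_domain_html", "T1566", "email_gateway",
         lambda e: e.get("attachment_ext") == "html"
         and e.get("sender_domain_age_days", 9999) < 30),
]


def coverage_report(events: list[Event], rules: list[Rule],
                    available_sources: set[str]) -> dict[str, str]:
    """Return {technique: status} for every synthetic event replayed."""
    report: dict[str, str] = {}
    for ev in events:
        tech = ev["technique"]
        candidates = [r for r in rules if r.technique == tech]
        if not candidates:
            report[tech] = "no-rule"
            continue
        runnable = [r for r in candidates if r.source in available_sources]
        if not runnable:
            # A rule exists on paper but the telemetry it needs is not collected.
            report[tech] = "telemetry-missing"
            continue
        fired = any(r.match(ev) for r in runnable)
        report[tech] = "covered" if fired else "rule-missed"
    return report


def retro_hunt(rule: Rule, history: list[Event], now: datetime,
               window_days: int = 365) -> list[datetime]:
    """Replay one rule over historical events inside the look-back window.

    Returns the timestamps of events the rule would have fired on, i.e.
    evidence of prior exposure before the rule existed.
    """
    cutoff = now - timedelta(days=window_days)
    return [ev["ts"] for ev in history
            if ev["source"] == rule.source and ev["ts"] >= cutoff
            and rule.match(ev)]


# Constructed 'historical telemetry'; NOW is the article's publication date.
NOW = datetime(2025, 11, 13, tzinfo=timezone.utc)
HISTORY: list[Event] = [
    {"ts": NOW - timedelta(days=40), "source": "web_server",
     "status": 500, "user_agent": "python-requests/2.28"},   # inside window, hits
    {"ts": NOW - timedelta(days=400), "source": "web_server",
     "status": 503, "user_agent": "python-requests/2.25"},   # older than 12 months
    {"ts": NOW - timedelta(days=10), "source": "web_server",
     "status": 200, "user_agent": "Mozilla/5.0"},            # benign traffic
]


if __name__ == "__main__":
    sources = {"web_server", "email_gateway", "edr"}
    for tech, status in coverage_report(SYNTHETIC_EVENTS, RULES, sources).items():
        print(f"{tech}: {status}")
    hits = retro_hunt(RULES[0], HISTORY, NOW)
    print(f"{RULES[0].name}: {len(hits)} historical hit(s) in the last 365 days")
```

Running it reports T1190 and T1566 as covered and T1486 as `no-rule`; dropping `email_gateway` from the available sources flips T1566 to `telemetry-missing`, which is the case the log-coverage guidance above is about. Any rule the tool proposes would go through the same `retro_hunt` before a human approves it, so the review cycle sees both what the rule catches going forward and what it would have caught in the past.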
Intelligence Source: Google Emerging Threats Center Automates Detection Gaps | Nov 13, 2025