Mandiant Advantage Threat intelligence

Version: 1.5
Updated: Jul 18, 2023

Mandiant Threat Intelligence is a comprehensive and powerful SaaS platform that provides organizations of all sizes with up-to-the-minute, relevant cyber threat intelligence so you can focus on and address the threats that matter now.

Actions

• Get Indicator By Value (Enrichment) - For given organization retrieves devices matching all filters, that are used in query.
• Search (Enrichment) - List organizations that belong to given organization (including itself, if type matches).

Mandiant Threat Intelligence configuration

1. Log in to the Mandiant Threat Intelligence.
   
2. On Threat Intelligence click Settings.
   
3. Click on Get Key ID And Secret.

Mandiant Advantage Threat intelligence in Automation Service and Cloud SOAR

1. Access integrations in the Automation Service or Cloud SOAR.
2. After the list of the integrations appears, search/look for the integration and click on the row.
3. The integration details will appear. Click on the **"+" **button to add new Resource.
   
4. Populate all the required fields (*) and then click SAVE.
   • Label. The name for the resource
   • URL. The base API URL for WithSecure Elements. Default: 'https://api.intelligence.mandiant.com'.
   • Public Key. The public key previously obtained.
   • Private Key. The private key previously obtained.
     
5. To make sure the resource is working, hover over the resource and then click the pencil icon that appears on the right.
   
6. Click TEST SAVED SETTINGS.
   
7. You should receive a successful notification in the bottom right corner.
   

Category

Threat Intelligence-Reputation

Change Log

• April 27, 2023 (v1.0) - First Upload
• July 18, 2023 (v1.5) - Removed leading/trailing spaces