
Mandiant

Mandiant is recognized by enterprises, governments and law enforcement agencies worldwide as the market leader in threat intelligence and expertise gained on the frontlines of cyber security. To make every organization confidently ready for cyber threats, Mandiant scales its intelligence and expertise through the Mandiant Advantage SaaS platform to deliver current intelligence, automation of alert investigation and prioritization, and validation of security controls products from a variety of vendors.

Integrations

Mandiant Advantage Threat Intelligence Engine

The Mandiant Advantage Threat Intelligence Integration with ThreatConnect® allows customers to ingest Mandiant Advantage Threat Intelligence Reports, Indicators, Campaigns, Vulnerabilities, Actors, and Malware into ThreatConnect seamlessly. The Mandiant Advantage Intelligence feed is a valuable resource for intelligence on malicious activity, including actors, malware, and attack patterns.

This app can be found in the ThreatConnect App catalog under the name: Mandiant Advantage Threat Intelligence Engine


Mandiant Threat Intelligence with Polarity

The Polarity - Mandiant Threat Intelligence integration provides automated access to indicators of compromise (IOCs), CVE information, and information on the adversary from the Mandiant Threat Intelligence API. This gives analysts a complete picture of the IOCs so they can quickly triage the threat or dismiss it if it isn't one.

Examples

Mandiant Threat Intel Data Overview - IOCs

  • Summary Tags: Instantly know whether an IOC such as a hash, IP, or domain is malicious, along with the Mandiant-assigned risk score, the number of reports related to the IOC, any threat actor groups using it, and any search results relating to the IOC. Quick access to this information gives analysts a complete picture of an IOC and how it might affect their organization without having to drill in for more information.
  • V3 - V4 API Information: When drilling into the details of the indicator, analysts can quickly assess more context from the different Mandiant APIs, giving them the complete context necessary to make decisions regarding the indicators in question.
  • Indicator Context: While looking at the different API versions, analysts can get a variety of information about the indicator: which threat actor group it belongs to, more information on the threat score, a summary of the threat, and further context depending on the indicator in question.

Mandiant Threat Intel - Search Results

  • Search Results: Analysts can now quickly understand whether there are any search results relating to indicators, vulnerabilities, threat actors, etc., giving complete awareness of reports and more from Mandiant. This enables analysts to make quick decisions on how that indicator or threat group might be affecting your company.

Mandiant Threat Intel - CVEs

  • Summary Tags: When searching for a CVE, analysts can quickly understand how the CVE might affect them and their company: whether it is associated with malware, the number of reports, which threat actors are associated with it, and whether there are any related search results.
  • Reports: When drilling into more information on the CVE, quickly get a preview of all the different reports that it relates to.
  • Vulnerabilities: When drilling into the details of CVEs, analysts can quickly see all of the vulnerability information about the CVE, from when the CVE came into effect to what its mitigation steps are. This allows analysts to quickly gain a complete understanding of how to manage the CVE in their environment and how it is affecting their environment.

Built By Polarity
