Skip to main content

Mandiant Attack Surface Management

This Integration is part of the Mandiant Advantage Attack Surface Management Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.8.0 and later.

Integrate with Mandiant Advantage Attack Surface Management to import "issues" as Incidents. This integration was integrated and tested with version 1 of AttackSurfaceManagement

Configure Mandiant Attack Surface Management in Cortex#

ParameterDescriptionRequired
Your server URLThe ASM API URL. Leave as `https://asm-api.advantage.mandiant.com/\` if you're unsureTrue
Access KeyThe Access and Secret Keys used for authenticationTrue
Secret KeyTrue
Project IDThe ASM Project ID to retrieve issues fromFalse
Collection IDsA list of Collection IDs, separated by commas (`,`)False
Initial Lookback DaysThe number of days to look back when first retrieving issues.True
Maximum Issues To FetchThe maximum number of issues to pull during a single fetch-incidents command.True
Trust any certificate (not secure)False
Use system proxy settingsFalse
Mirror incoming incidentsFalse

Commands#

You can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

attacksurfacemanagement-get-projects#


Retrieve a list of all accessible ASM projects.

Base Command#

attacksurfacemanagement-get-projects

Input#

There are no input arguments for this command.

Context Output#

PathTypeDescription
MandiantAdvantageASM.Projects.NameStringThe name of the project
MandiantAdvantageASM.Projects.IDNumberThe ID of the project
MandiantAdvantageASM.Projects.OwnerunknownThe E-Mail of the project owner

Command example#

!attacksurfacemanagement-get-projects

Context Example#

{
"MandiantAdvantageASM": {
"Projects": [
{
"ID": 6797,
"Name": "ASMQA_AttackSurfaceAPP",
"Owner": "name@attacksurface.app"
}
]
}
}

Human Readable Output#

Results#

IDNameOwner
6797ASMQA_AttackSurfaceAPPname@attacksurface.app

attacksurfacemanagement-get-collections#


Retrieve a list of collections for a specified project

Base Command#

attacksurfacemanagement-get-collections

Input#

Argument NameDescriptionRequired
project_idThe ID of the project to query collections for.Optional

Context Output#

PathTypeDescription
MandiantAdvantageASM.Collections.NameStringThe name of the collection
MandiantAdvantageASM.Collections.IDStringThe ID of the collection
MandiantAdvantageASM.Collections.OwnerunknownThe owner of the collection

Command example#

!attacksurfacemanagement-get-collections

Context Example#

{
"MandiantAdvantageASM": {
"Collections": [
{
"ID": "attacksurface_mw3tdwq",
"Name": "Attacksurface_APP_QA",
"Owner": "ASMQA_AttackSurfaceAPP"
}
]
}
}

Human Readable Output#

Results#

IDNameOwner
attacksurface_mw3tdwqAttacksurface_APP_QAASMQA_AttackSurfaceAPP

fetch-incidents#


Fetch Incidents

Base Command#

fetch-incidents

Input#

There are no input arguments for this command.

Context Output#

There is no context output for this command.

get-remote-data#


Update a specific incident

Base Command#

get-remote-data

Input#

Argument NameDescriptionRequired
idThe ASM Incident ID.Required
lastUpdateRetrieve entries that were created after lastUpdate. Default is 0.Optional

Context Output#

There is no context output for this command.

update-remote-system#


Update issue in Mandiant Advantage ASM

Base Command#

update-remote-system

Input#

Argument NameDescriptionRequired

Context Output#

There is no context output for this command.

Incident Mirroring#

You can enable incident mirroring between Cortex XSOAR incidents and Mandiant Attack Surface Management corresponding events (available from Cortex XSOAR version 6.0.0). To set up the mirroring:

  1. Enable Fetching incidents in your instance configuration.

Newly fetched incidents will be mirrored in the chosen direction. However, this selection does not affect existing incidents. Important Note: To ensure the mirroring works as expected, mappers are required, both for incoming and outgoing, to map the expected fields in Cortex XSOAR and Mandiant Attack Surface Management.