Mandiant Attack Surface Management
Mandiant Advantage Attack Surface Management Pack.#
This Integration is part of theSupported versions
Supported Cortex XSOAR versions: 6.8.0 and later.
Integrate with Mandiant Advantage Attack Surface Management to import "issues" as Incidents. This integration was integrated and tested with version 1 of AttackSurfaceManagement
#
Configure Mandiant Attack Surface Management in CortexParameter | Description | Required |
---|---|---|
Your server URL | The ASM API URL. Leave as `https://asm-api.advantage.mandiant.com/\` if you're unsure | True |
Access Key | The Access and Secret Keys used for authentication | True |
Secret Key | True | |
Project ID | The ASM Project ID to retrieve issues from | False |
Collection IDs | A list of Collection IDs, separated by commas (`,`) | False |
Initial Lookback Days | The number of days to look back when first retrieving issues. | True |
Maximum Issues To Fetch | The maximum number of issues to pull during a single fetch-incidents command. | True |
Trust any certificate (not secure) | False | |
Use system proxy settings | False | |
Mirror incoming incidents | False |
#
CommandsYou can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
#
attacksurfacemanagement-get-projectsRetrieve a list of all accessible ASM projects.
#
Base Commandattacksurfacemanagement-get-projects
#
InputThere are no input arguments for this command.
#
Context OutputPath | Type | Description |
---|---|---|
MandiantAdvantageASM.Projects.Name | String | The name of the project |
MandiantAdvantageASM.Projects.ID | Number | The ID of the project |
MandiantAdvantageASM.Projects.Owner | unknown | The E-Mail of the project owner |
#
Command example!attacksurfacemanagement-get-projects
#
Context Example#
Human Readable Output#
Results
ID Name Owner 6797 ASMQA_AttackSurfaceAPP name@attacksurface.app
#
attacksurfacemanagement-get-collectionsRetrieve a list of collections for a specified project
#
Base Commandattacksurfacemanagement-get-collections
#
InputArgument Name | Description | Required |
---|---|---|
project_id | The ID of the project to query collections for. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
MandiantAdvantageASM.Collections.Name | String | The name of the collection |
MandiantAdvantageASM.Collections.ID | String | The ID of the collection |
MandiantAdvantageASM.Collections.Owner | unknown | The owner of the collection |
#
Command example!attacksurfacemanagement-get-collections
#
Context Example#
Human Readable Output#
Results
ID Name Owner attacksurface_mw3tdwq Attacksurface_APP_QA ASMQA_AttackSurfaceAPP
#
fetch-incidentsFetch Incidents
#
Base Commandfetch-incidents
#
InputThere are no input arguments for this command.
#
Context OutputThere is no context output for this command.
#
get-remote-dataUpdate a specific incident
#
Base Commandget-remote-data
#
InputArgument Name | Description | Required |
---|---|---|
id | The ASM Incident ID. | Required |
lastUpdate | Retrieve entries that were created after lastUpdate. Default is 0. | Optional |
#
Context OutputThere is no context output for this command.
#
update-remote-systemUpdate issue in Mandiant Advantage ASM
#
Base Commandupdate-remote-system
#
InputArgument Name | Description | Required |
---|
#
Context OutputThere is no context output for this command.
#
Incident MirroringYou can enable incident mirroring between Cortex XSOAR incidents and Mandiant Attack Surface Management corresponding events (available from Cortex XSOAR version 6.0.0). To set up the mirroring:
- Enable Fetching incidents in your instance configuration.
Newly fetched incidents will be mirrored in the chosen direction. However, this selection does not affect existing incidents. Important Note: To ensure the mirroring works as expected, mappers are required, both for incoming and outgoing, to map the expected fields in Cortex XSOAR and Mandiant Attack Surface Management.