Skip to main content

Mandiant Advantage Feed

This Integration is part of the Mandiant Advantage Feed Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.1.0 and later.

Mandiant Feed Integration.

Configure Mandiant Feed on Cortex XSOAR#

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for Mandiant Feed.

  3. Click Add instance to create and configure a new integration instance.

    ParameterDescriptionRequired
    Fetch indicatorsFalse
    Indicator ReputationIndicators from this integration instance will be marked with this reputationFalse
    Source ReliabilityReliability of the source providing the intelligence dataTrue
    Traffic Light Protocol ColorThe Traffic Light Protocol (TLP) designation to apply to indicators fetched from the feedFalse
    Feed Fetch IntervalFalse
    Public KeyTrue
    Secret KeyTrue
    feedExpirationIntervalThe interval after which the feed expires.False
    feedExpirationPolicyThe feed's expiration policy.False
    Mandiant indicator typeThe indicators' type to fetch. Indicator type might include the following: Domains, IPs, Files and URLs.False
    First fetch timeThe maximum value allowed is 90 days.False
    Server URL (e.g. https://api.intelligence.fireeye.com)True
    Maximum number of indicators per fetchFalse
    TagsSupports CSV values.False
    TimeoutAPI calls timeout.False
    Trust any certificate (not secure)False
    Bypass exclusion listWhen selected, the exclusion list is ignored for indicators from this feed. This means that if an indicator from this feed is on the exclusion list, the indicator might still be added to the system.False
    Retrieve indicator metadataRetrieve additional information for each indicator. Please note that this requires additional API calls.False
    Create relationshipsPlease note that this requires additional API calls.False
    Use system proxy settingsFalse
  4. Click Test to validate the URLs, token, and connection.

Commands#

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

feed-mandiant-get-indicators#


get mandiant indicators

Base Command#

feed-mandiant-get-indicators

Input#

Argument NameDescriptionRequired
update_contextupdate context.Optional
limitnumber of indicators to fetch.Optional
indicatorMetadataRetrieve additional data for each indicator. Possible values are: true, false. Default is false.Optional
indicatorRelationshipsCreate relationships. Possible values are: true, false. Default is false.Optional
typeWhat indicators types to fetch. Possible values are: Malware, Indicators, Actors. Default is Malware,Indicators,Actors.Required

Context Output#

There is no context output for this command.