Are you a new Mandiant Advantage Threat Intelligence (MATI) subscriber? See the Advantage Threat Intelligence QuickStart Guide for information that will allow you to quickly benefit from your subscription.
In addition to the QuickStart Guide, this Documentation portal also includes a number of guides and other resources to help you get the most out of your subscription:
- Threat Intelligence Integrations: API integrations allow you to pull additional context and intelligence into your existing security tooling.
- Threat Intelligence Guides: User guides walk you through how to use the MATI platform, including Threat Campaigns and File Analysis.
- Threat Intelligence Resources: Additional articles to help you understand how MATI collects and enriches threat intelligence data, including threat actor tracking and attribution.
The MATI platform itself provides highly interactive visualizations and reports, along with customizable dashboards and continuously updated threat activity alerts, that make it easy to drill down to the information that's most relevant to your organization.
Sample Finished Intelligence Reporting Guide
Below is a summarized list of the most popular finished intelligence reports. Availability may vary based on your Threat Intelligence subscription.
Understanding Key Threats
- Actor profiles: In-depth analysis of key nation-state, criminal, and other malicious actors.
- Malware profiles: Detailed analysis of malware types linked to notable threat activity.
Threat Landscape Analysis
- Threats & environment by country & region: Regular updates on the threat landscape facing organizations with a presence in specific countries and regions.
- Threats & environment by industry: Regular updates on the threat landscape facing organizations with a presence in specific industries.
- Net assessments: Overview of current threats in specific categories, such as nation-state intrusion operations.
Tracking New Activity
- Event analysis: Significant threat developments and Mandiant’s analysis.
- Research insights: Rapid insights into new collections.
Vulnerabilities & Exploitation
- Weekly vulnerability exploitation trends: Tracking developments in critical- and high-risk vulnerabilities.
Malicious TTPs
- Targeted intrusion lures: Social engineering lure themes which have been, or may be, associated with targeted intrusion attempts.
- Malware targeting: Changes in focus for malware with configured targeting behavior.
- Operational technology-related phishing: Malicious emails with content related to ICS and other operational technology.
Popular Intelligence
- Weekly intelligence update: Intelligence from the past week that is notable and of high interest to our customers.
Additional Resources
- The latest on cybersecurity threats and news from Mandiant is discussed weekly on The Defender’s Advantage Podcast.
- All Threat Intelligence customers will receive an email invitation to attend Mandiant's Quarterly Threat Intelligence Briefing.
Intelligence Training & Enablement
Your Advantage subscription includes an array of training and enablement content, and it is highly recommended that all customers review each module to get the best experience.
The following In-Product Training & Content is available in this Documentation portal:
- Key Features Video: Overview of key Mandiant Advantage features
- Browser Plugin Demo Video: Watch a demonstration of the browser plugin
  There are two additional Browser Plugin videos:
  - MATI Browser Plugin Onboarding
  - Using the Browser Plugin with Splunk
    This video is for version 1.0 of the plugin, so it is not 100% up to date.
- Browser Plugin Overview: Review documented details on the browser plugin
- Threat Intelligence Integrations: Describes available integrations with other platforms
- On-Demand Training Modules: A list of Cyber Intelligence training modules available as paid options
- What's New: Learn about the latest Advantage features
- Offerings and Services: Deep dive on Mandiant Intelligence offerings
- FAQs: Learn more about Advantage assets and Mandiant security techniques
Additional On-Demand or Instructor-Led training courses are available as paid options. We are highlighting popular options here to ensure awareness and to fulfill the demand many organizations have for this knowledge.
- Introduction to Threat Intelligence and Attribution: Designed to provide insight into attribution methodology and demonstrate the proper handling of threat intelligence information
- Hunt Mission Workshop: How to employ a process framework to scope, execute, and validate the results of a network hunting operation and ensure each hunt mission improves security posture
- Introduction to Cyber Crime for Executives: Designed to educate senior leaders about cybercrime and incident response. Learners will review real-world intrusions, examining tactics and technologies
- Cyber Intelligence Foundations: How to apply the discipline of intelligence analysis to the cyber domain, including understanding the intelligence lifecycle and developing raw data into viable intel
- Cyber Intelligence Research I – Scoping: Teaches students to analyze, prioritize and fully understand requests for information (RFIs), and create a research plan that keeps their efforts on track
- Cyber Intelligence Research II – OSINT: Identify and develop pivot points or leads in investigations across multiple use cases. Review the basic functions of open-source tools and learn when and why to use them in research
- Cyber Intelligence Production: How to convey analytic assessments and findings in intelligence reports and briefings covering strategic, operational, and technical intelligence products
Intelligence Services Options
In addition to expert training, organizations seeking further best practices can leverage three Intelligence Services offerings to create a proactive security posture that informs enterprise-wide decisions to reduce cyber risk:
Program Advisory: Help Assess, Design, and Enhance Customers’ In-house Capabilities to be Intelligence-led
- Assess: Current-state capability across people, process, and technology; develop a strategic roadmap to reach the enterprise goals for intelligence
- Design: Target-state capability, including team size, required roles, responsibilities, processes, technical requirements, and cross-enterprise intelligence integration points
- Enhance: Organization-wide CTI capabilities through strategy development, operational procedure implementation, and technical consultation
Applied Intelligence: Proactive Reporting and Direct Access to Intelligence Experts and Raw Data
- Executive Intelligence Briefings: Understand the big picture perspective on cyber threats and trends that should be top of mind for security leaders (delivered weekly).
- Digital Threat Assessments: Identify your external risk exposure related to your digital footprint, allowing results to be incorporated into your overall business risk profile (analyzed over 30 days).
- Cyber Threat Profile: Prioritize the external threats facing your organization and their methods of attack to understand your internal exposure and defensive posture (offered as a managed or unmanaged service).
- On-Demand Analyst Support: Provides customers with the flexibility to request actionable intelligence from world-class intelligence analysts on a wide scope of time-bound organizational needs.
- Proactive Analyst Support: Receive tailored intelligence reporting at defined frequencies, tuned to your specific threat profile and operating environment (offered remotely on an annual basis).
- Advanced Intelligence Access: Pivot quickly to changes in your threat profile by incorporating raw data, global telemetry, and custom tooling into your operational workflows (offered on-site on an annual basis).
Technology Advisory: Optimizing Technical Solutions
- Managed Threat Monitoring: Leave the management of your digital footprint to Mandiant. We collect your keywords and proactively notify you of exposure and suggest mitigation strategies.
- Mandiant Cyber Operations Platform: The most realistic adversary emulation on the market. Our scalable, multi-purpose framework and infrastructure allow Mandiant experts to imitate malicious actors by repurposing real-world APT payloads and custom-built attack packages to test cyber defense teams and help customers plug security gaps.
- Custom Tooling: Through the delivery of our various Mandiant Intelligence Services, we employ our homegrown private analyst tools. In addition, we create custom utilities for our customers to use and leverage during and after engagements. We also help our customers optimize their internal intelligence toolsets (TIPs).