In addition to a number of integrations supported by our legacy APIs, Mandiant Advantage Threat Intelligence (MATI) can be consumed, analyzed, and operationalized in a number of platforms central to our customers' existing threat intelligence workflows utilizing our Threat Intelligence API.
Mandiant integrations
The following integrations were developed and are maintained by Mandiant:
| Integration | Developed By | Description | Mandiant API Version | Type | Vendor Links |
|---|---|---|---|---|---|
| Cortex XSOAR (Enrichment) | Mandiant | Collects threat intelligence from Mandiant and adds it to the Cortex XSOAR indicator store for use during automated enrichment and investigations | v4 | SOAR | Learn More and Download |
| Elastic SIEM | Mandiant | Collects threat intelligence from Mandiant for correlation in Elastic SIEM to help discover potential threats. | v4 | SIEM | Learn More and Download |
| IBM QRadar | Mandiant | Collect indicators and ingest into the QRadar SIEM to drive correlation and alerting | v4 | SIEM | Learn More and Download |
| Maltego | Mandiant | Enriches indicators with intelligence from Mandiant | v4 | Analyst Research | Learn More and Download |
| Microsoft Sentinel / Defender for Endpoint | Mandiant | An Azure Logic App that collects indicators from Mandiant and adds them to either Microsoft Sentinel or Defender for Endpoint using the Microsoft Graph Security API | v4 | SIEM / Endpoint | |
| MISP | Mandiant | The Mandiant MISP Collector allows users to pull threat intelligence from Mandiant into MISP's open-source data aggregation and threat sharing platform | v4 | TIP | Learn More and Download |
| ServiceNow Vuln Response | Mandiant | The Vulnerability Response app, powered by Mandiant, enhances customers' vulnerability prioritization workflows and enables efficient remediation of vulnerabilities. | v4 | Vulnerability Response | Learn More and Download |
| Splunk SIEM | Mandiant | The Mandiant Advantage App for Splunk allows users to pull threat intelligence from Mandiant into Splunk's data platform | v4 | SIEM | Learn More and Download |
| Splunk SIEM (Cloud) | Mandiant | This Splunk Cloud-focused app is a lightweight app focused on ingesting Indicators of Compromise (IoC) for use in Splunk detections. | v4 | SIEM | Learn More |
| Splunk SOAR | Mandiant | Pulls Mandiant data into Splunk SOAR for infrastructure orchestration, case management, playbook automation, and integrated threat intelligence | v4 | SOAR | Learn More and Download |
Google and Mandiant integrations
The following integrations were co-developed by Google and Mandiant as a joint offering for Google Cloud Security customers:
| Integration | Developed By | Description | Mandiant API Version | Type | Vendor Links |
|---|---|---|---|---|---|
| VirusTotal | VirusTotal | Joint customers can now see Mandiant Threat Intelligence data (IoC reputation, malware toolkit/family attribution, threat actor attribution) in VirusTotal IoC (domain, IP, URL, file) reports. | v4 | TIP | Learn More |
Technical Accelerators
The following technical acceleration (TA) scripts are developed by the Mandiant Intel Services tech team and are supported as time allows. These TA scripts enable you to interact with the API and are primarily provided as example code to demonstrate specific use cases where an official integration may not exist.
| Integration | Developed By | Description | Mandiant API Version | Type | Vendor Links |
|---|---|---|---|---|---|
| Mandiant MAVE (v1.22) | Mandiant | Enriches a given list of vulnerabilities with intelligence from Mandiant | v4 | App | Learn More and Download |
| Mandiant Threat Intel Client for Python | Mandiant | Library that enables developers/customers to easily access the Mandiant Advantage Threat Intelligence data and use it in their own scripts and systems. | v4 | Library | |
| MicroFocus ArcSight | Mandiant | Collects indicators from Mandiant and adds them to an ArcSight index to drive correlation searches for alerting and threat hunting | v4 | SIEM | Pending |
Third-party integrations
The following integrations were developed and are maintained by the third-party vendors listed:
| Integration | Developed By | Description | Mandiant API Version | Type | Vendor Links |
|---|---|---|---|---|---|
| Analyst1 | Analyst1 | Access and organize Mandiant intelligence reports using the Analyst1 platform | v4 | TIP | Learn More |
| Anomali ThreatStream | Anomali | The Anomali integration with Mandiant provides access to contextually rich threat intelligence from Mandiant including indicators of compromise, threat actors, malware families, and finished intelligence reports. | v4 | TIP | Learn More and Download |
| Cyware | Cyware Situational Awareness Platform | Collects intelligence from Mandiant and makes it available in the Cyware security operations platform | v4 | TIP | |
| EclecticIQ | EclecticIQ | Collects intelligence from Mandiant and makes it available in the EclecticIQ security operations platform | v4 | TIP | Learn More and Download |
| Netskope | Netskope | Collects intelligence from Mandiant and makes it available in the Netskope security operations platform | v4 | SIEM / UEBA | Pending |
| Nucleus | Nucleus | Collects intelligence from Mandiant and makes it available in the Nucleus vulnerability management platform | v4 | Vulnerability Intelligence | Learn More and Download |
| OpenCTI | OpenCTI | The OpenCTI integration collects intelligence from Mandiant, including indicators, threat actors, malware families, and vulnerabilities, and makes the data available in the OpenCTI platform | v4 | TIP | Learn More and Download |
| Polarity | Polarity | Collects intelligence from Mandiant and makes it available in the Polarity security operations platform | v3 and v4 | TIP | |
| Recorded Future | Recorded Future | Collects intelligence from Mandiant and makes it available in Intelligence Cards within Recorded Future | v4 | TIP | Learn More and Download |
| Securonix | Securonix | Collects intelligence from Mandiant and makes it available in the Securonix Unified Defense SIEM platform | v4 | SIEM | Learn More and Download |
| SentinelOne | SentinelOne | Collects intelligence from Mandiant and makes it available in the SentinelOne XDR platform | v4 | XDR | Learn More and Download |
| Siemplify | Siemplify | Collects intelligence from Mandiant and makes it available in the Siemplify security operations platform | v4 | SOAR | |
| Silobreaker | Silobreaker | Collects intelligence from Mandiant and makes it available in the Splunk Threat Intelligence platform | v4 | TIP | |
| Splunk Threat Intelligence | Splunk | Collects intelligence from Mandiant and makes it available in the ThreatConnect security operations platform | v4 | TIP | Learn More and Download |
| Sumo Logic SOAR | Sumo | Collects intelligence from Mandiant and makes it available in the Sumo security operations platform | v4 | SOAR | Learn More |
| Swimlane | Swimlane | The Mandiant Threat Intelligence plugin integrates with Swimlane to express cyber threats and provide observable information. | v4 | SOAR | Learn More and Download |
| Synapse | Vertex | Collects intelligence from Mandiant and makes it available in the Synapse security operations platform | v4 | TIP | |
| Threat Command | Rapid7 | Collects intelligence from Mandiant and makes it available in the Rapid7 Threat Command platform | v4 | TIP | Learn More and Download |
| ThreatConnect | ThreatConnect | Collects intelligence from Mandiant and makes it available in the ThreatQuotient platform | v4 | TIP | |
| ThreatQuotient | ThreatQuotient | Collects intelligence from Mandiant and makes it available in the ThreatQuotient platform | v4 | TIP | |
| Vulcan | Vulcan Platform | Mandiant adds another layer of intelligence to the CVE severity based on extensive vulnerabilities research. | v4 | Vulnerability Intelligence | |