You can view Composite Detections from Google Security Operations directly within the Mandiant Managed Defense Portal. These alerts are available in the Activity > Alerts table, where they appear with a "[Composite]" prefix in the Signature Name field.
There is a known issue where the "Source" appears as "Unidentified Source." Mandiant analysts will identify sources of activity in Investigation reports that include composite detections.
Mandiant Threat Defense customers are required to migrate all Trellix technologies to Google Security Operations by March 16, 2027. For more details, see the Mandiant Threat Defense Trellix Technology migration to Google Security Operations guide.
The default lifetime for Managed Defense API access tokens (expires_in) is now 1800 seconds.
On the Managed Defense Threat Hunting Dashboard, Leads Generated has been updated to Signals Correlated. Additionally, the way these stats are calculated has changed to be based on composite detections. Historical data earlier than late November is not available. Contact your Mandiant Threat Defense Consultant if you need historical information.
For more information about the Managed Defense Threat Hunting Dashboard see, Managed Defense Threat Hunting.
The Mandiant Threat Defense Hunt Leads Dashboard is available in Google Security Operations (SecOps).
Investigations contain links to Google Threat Intelligence context for entities (IP addresses, Domains, URLs, and SHA256 file hashes). This information is located in the evidence section of an Investigation and applies to all Investigations. In the Managed Defense portal, click the Google Threat Intelligence icon next to an entity to display a summary of the threat actor, malware family, and verdicts from engine vendors and sandboxes.
For more information, see Working with Investigations.
The Health menu in the Managed Defense portal has been removed for Mandiant Threat Defense customers. It is recommended that customers monitor the health of their integrations using the Google Security Operations (SecOps) platform. Google SecOps provides more visibility into integration status than the Managed Defense portal Health component.
Mandiant Hunt is now available as an add-on to Security Command Center Enterprise. Mandiant Hunt focuses on hunting for cloud based threats.
For more information about this offering visit the Mandiant Hunt product page on Google Cloud.