Updated Articles

  1. Proxy Allowlist for Threat Intelligence

    To allow traffic to and from Mandiant Advantage Threat Intelligence (MATI), you should add the following to your allowlist: Hostname: api.intelligence.mandiant.com; IP addresses: 162.159.240.125, 162.159.241.125 ...
  2. DTM Alert Severity Definitions and Examples

    This document describes how Digital Threat Monitoring (DTM) determines the severity ratings for Alerts. Alert Scoring Framework: DTM alert scoring is governed by two components: Confidence, which uses machine learning t...
  3. Microsoft Sentinel and Defender ATP Integrations Admin Guide (Docker Version)

    This integration brings Mandiant Advantage Threat Intelligence (MATI) to Microsoft Sentinel and Defender ATP, highlighting indicators of compromise (IOCs) in your network to let you identify and explore those threats that matter most. Benef...
  4. Monitor Compromised Credentials

    Digital Threat Monitoring (DTM) automatically alerts you if any accounts linked to designated domains have appeared in compromised credential data collected from the deep, dark web. Compromised Credentials monitoring automatically includes an...
  5. Indicator Threat Score Methodology

    Threat Score is the evolution of IC Score, and it is the recommended default for assessing the impact of an Indicator. IC Score continues to be supported for backward compatibility. Indicator Threat Score is a measure of the likelihood that an...
  6. Elastic SIEM Integration

    The Mandiant Advantage integration for Elastic SIEM lets you retrieve Indicators of Compromise (IOCs) from Mandiant Advantage Threat Intelligence (MATI). These indicators can be used for correlation in Elastic SIEM to help discover potential threats...
  7. Monitor Matching Methodology

    Monitors in Digital Threat Monitoring (DTM) let you define conditions for searching artifacts (called Documents) collected from the deep and dark web for mentions of designated Topics or Entities. DTM uses a sophisticated process to transform Docume...
  8. How Mandiant Rates Vulnerabilities

    Introduction: Mandiant believes that effective vulnerability analysis is a combination of structured or algorithmic analysis and human analysis. Ideally, both should be used to capture and quantify the vulnerability's potential impact and the ...
  9. Acquiring Data from a Threat Hunt by Using Intelligence

    This article focuses on the cyber defense function: Threat Hunting – using intelligence to frame queries to find evidence of advanced persistent threat (APT) groups within your environment. Read Time: 10-12 Min. If you haven’t read ...
  10. Digital Threat Monitoring User Roles

    Capability Customer DTM Admin Customer DTM User No DTM role, but Customer Org has DTM entitlement See DTM dropdown menu ✔ ✔   Create/Edit Monitors ✔ ✔   View Monitor names ✔ ✔   Activate/Deactivate Monitors ✔ ...