Table of Contents
Below you'll find a table of contents for the Outbound Integrations journey.
Once an Entity or Issue has been discovered, customers often find it useful to export that information to a Ticketing System, SIEM, SOAR, or a combination of these options.
Prerequisites
- Project Owner level access.
- Admin access to Integration Solution account.
Actions
SIEM
In this section we will walk you through setting up Chronicle SIEM as an Outbound Integration for Attack Surface Management.
Prerequisites
See the Relevant Links section for more documentation regarding the prerequisites.
- Existing Project(s)
- Existing Collection(s)
- Project Admin rights for Project(s)
- Google Developer Service Account Credential JSON file
Steps
- Request a Google Developer Service Account Credential JSON file from your Chronicle account manager.
- From the Attack Surface Management console, click Projects & Settings, choose a Project, click Account Settings.
- Click the Integrations tab.
- Under Outbound Integrations, click Add New for Chronicle SIEM.
- Update your API Ingestion Endpoint if necessary.
- Enter your Chronicle Customer ID.
- Upload the Google Developer Service Account Credential JSON file you received from your Chronicle Account Manager.
- Select the Ingest Period.
- Select the Minimum Issue Severity.
- Click Add Integration.
- Click Collections, then click Collections Settings next to the Collection you'd like to connect the integration to.
- Select the Integrations tab, select Connect Integration, then link the Google Cloud integration.
- Close the window, then click Scan Collection to begin scanning utilizing the Google Cloud integration.
Relevant Links
SOAR
In this section we will walk you through setting up Chronicle SOAR as an Outbound Integration for Attack Surface Management.
Prerequisites
See the Relevant Links section for more documentation regarding the prerequisites.
- Existing Project(s)
- Existing Collection(s)
- Project Admin rights for Project(s)
- Admin rights inside of Google Cloud
Steps
- Create an API Key in Mandiant ASM by navigating to the linked page. | Docs
- In the Chronicle UI, click on the Marketplace icon in the top right, then click on Integrations.
- Search through the Integrations and click the down arrow icon to install the integration for Attack Surface Management.
- Once the integration is installed, navigate to Response > Integrations Setup.
- Provide the API Access Key and Secret Access Key, following the directions in the linked page. | Docs
Relevant Links
Journey Complete
Congratulations! You've completed the Product Journey for Attack Surface Management!
Previous Step: Attack Surface Management: Step 3 - Inbound Integrations