
Hi

Upon checking the IOC tab I can see Mandiant Open Source Intelligence feeds. How can I call these feeds when trying to build a YARA-L rule?
I want to create an alert where allowed traffic towards these IOCs triggers an alert and sends it to SOAR.

The error is this:

Also, I can see this info in the entity summary from VirusTotal. Does that mean I can use this info in building YARA-L? I am not sure if we have the enterprise edition of VT or not.


Hi @rahul7514,

The two sources below will be of use:

[1] - https://www.googlecloudcommunity.com/gc/SIEM-Forum/Mandiant-Threat-Advantage-integration-with-SIEM/m-p/804010

[2] - https://cloud.google.com/chronicle/docs/reference/rest/v1alpha/LogType


Kind Regards,

Ayman


@AymanC the second link is giving a 404 error.

Thanks for the above info, but in a normal SIEM search, can you tell me how I can see these feed logs, both VirusTotal and Mandiant? If they are available in the free version, can I still see their feeds?



Hi @rahul7514,

Apologies, the last character 'e' is missing from the second reference.

LogType  |  Google Security Operations  |  Google Cloud

In terms of whether this offering is part of your package, I would suggest speaking to your account team.

Kind Regards,

Ayman


@AymanC Sorry, I think I did not make my question clear. I can see threat feeds from "Mandiant Open Source Intelligence"; I want to know if I can use them in my alerts.
If yes, what should I search for?

@jstoner: Could you help me with my request?



@rahul7514 try out these feeds individually:

metadata.product_name = "OPEN_SOURCE_INTEL_IOC"
metadata.product_name = "GCTI Feed"
metadata.product_name = "MANDIANT_FUSION_IOC"
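As an added example (not from this thread), this is the shape of a YARA-L 2.0 rule that joins allowed network connections against IOC entries from the feed, so the detection can be routed to SOAR. It assumes the feed entries appear in the entity graph with `graph.metadata.product_name` set to the value above, and that the network events carry `security_result.action = "ALLOW"`; both are assumptions to confirm in your tenant with the searches above.

```yara-l
rule allowed_traffic_to_osint_ioc {
  meta:
    author = "example"
    description = "Allowed outbound connection to an IP listed in the Mandiant open-source intel IOC feed"
    severity = "MEDIUM"

  events:
    // Network events that were permitted rather than blocked
    $e.metadata.event_type = "NETWORK_CONNECTION"
    $e.security_result.action = "ALLOW"
    $e.target.ip = $ioc_ip
    $e.principal.hostname = $host

    // IOC entry from the entity graph; product_name is an assumption
    // based on the search string suggested in the thread
    $ioc.graph.metadata.entity_type = "IP_ADDRESS"
    $ioc.graph.metadata.source_type = "GLOBAL_CONTEXT"
    $ioc.graph.metadata.product_name = "OPEN_SOURCE_INTEL_IOC"
    $ioc.graph.entity.artifact.ip = $ioc_ip

  match:
    $host, $ioc_ip over 1h

  outcome:
    // Fields a SOAR playbook can read from the detection
    $risk_score = 60
    $event_count = count($e.metadata.id)
    $ioc_description = array_distinct($ioc.graph.metadata.description)

  condition:
    $e and $ioc
}
```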


