Solved

Mandiant integration with chronicle

  • October 17, 2024
  • 7 replies
  • 47 views

rahul7514

Hi

Can someone give me the integration steps for Mandiant with Chronicle SIEM.

Best answer by ErikaB

@rahul7514 

Mandiant Intelligence can be purchased as a standalone.  There is also Google Security Operations which offers a unified experience across SIEM, SOAR, and threat intelligence.  

7 replies

ErikaB
  • Community Manager
  • October 17, 2024

Hi @rahul7514 

Mandiant integration with Chronicle SIEM is done through the SOAR component.

To integrate Mandiant with Chronicle SOAR:

  1. Go to Response > Playbooks in the SOAR interface.
  2. Select the CDIR PLAYBOOK.
  3. Optionally, enable Mandiant enrichment by setting the Mandiant_Enrichment variable to true.
  4. In the Cases page, attach the playbook to a test alert to ensure proper configuration.
  5. You can use a simulation mode to test the playbook run.
  6. Review the playbook results and the overview in the Cases and Alerts tabs.
  7. Update the playbook if necessary until you get the expected flow.

For detailed instructions on configuring integrations in Google Security Operations SOAR, see Configure integrations.

I hope this helps. 


rahul7514
  • Author
  • Bronze 2
  • October 17, 2024

@ErikaB so we won't get it in just SIEM?

I want to use the threat feeds to filter the traffic logs and trigger an alert when a suspicious IP is found.

We have not created playbooks so far. 


jstoner
  • Staff
  • October 17, 2024

I think the question of integration of Mandiant Threat intel and SecOps is somewhat dependent upon the package level that the organization has. Depending on that may drive different things that could potentially be done.


rahul7514
  • Author
  • Bronze 2
  • October 17, 2024

I think the question of integration of Mandiant Threat intel and SecOps is somewhat dependent upon the package level that the organization has. Depending on that may drive different things that could potentially be done.


@jstoner @ErikaB 

So if they upgrade their subscription, will the feed feature automatically start, or do we need to integrate anything?

Can Mandiant be received as a standalone?


ErikaB
  • Community Manager
  • Answer
  • October 18, 2024

@rahul7514 

Mandiant Intelligence can be purchased as a standalone.  There is also Google Security Operations which offers a unified experience across SIEM, SOAR, and threat intelligence.  


rahul7514
  • Author
  • Bronze 2
  • October 24, 2024

@rahul7514 

Mandiant Intelligence can be purchased as a standalone.  There is also Google Security Operations which offers a unified experience across SIEM, SOAR, and threat intelligence.  


@ErikaB thanks for the information. When using Mandiant threat intel in SOAR, when we want to enrich an IP it makes an API call to the Mandiant feed, right? So is there a count of how many calls can be made?

Also is this push or pull mechanism? 


dnehoda
  • Staff
  • October 24, 2024

@ErikaB thanks for the information. When using Mandiant threat intel in SOAR, when we want to enrich an IP it makes an API call to the Mandiant feed, right? So is there a count of how many calls can be made?

Also is this push or pull mechanism? 


This would be pull.  I’d need to research the call amount.