In this brief guide, I'll show you how to integrate Mandiant Attack Surface Management (ASM) into Google SecOps.
With Mandiant Attack Surface Management, organizations can discover and track vulnerabilities and threats across their public-facing infrastructure. As part of this function, ASM is able to build a robust catalog of Entities that represent the various resources that are identified during the course of scans. We can easily query this catalog of Entities and the list of known Issues that ASM has identified about them in Google SecOps.
Let's first install the Mandiant ASM Marketplace integration. You can find it using the label Mandiant ASM, and you can verify you're installing the correct one by noting that it has the Certified label as shown here.
Once the integration is installed, you can proceed to fill in the corresponding parameters that SecOps will use to connect to ASM. Before we can do this, we need to generate an API keypair in ASM so that we can pass those API keys to SecOps as part of the integration configuration.
In Mandiant ASM, navigate to Account Settings > API Keys and generate a new keypair. This creates a new Access Key and corresponding Secret Key. Make sure to save the Secret Key because it is only displayed once, at the time of generation.
Now that our keypair is generated, we can pivot back to Google SecOps and plug the API keys into the integration configuration. In the Project Name field, specify the ASM project name that SecOps will query against using the keypair. Your keypair might have access to multiple ASM projects, which is why this field is used to point Google SecOps to a specific one.
If the API Root field shows a different value from the one in the screenshot, specify it as https://asm-api.advantage.mandiant.com, then select Save.
Click Test to verify the access keys and API Root settings are correct. If the Test fails, focus on the three variables that are involved in the setup: the access keys, the project name, and the API Root. Verify those are specified correctly, then run the Test function again to confirm.