Mandiant
Mandiant is a threat intelligence tool that provides real-time insights into potential cyber threats and vulnerabilities. By integrating Mandiant with Brinqa, you can enhance CVE scoring and identify vulnerabilities to prioritize and address potential risks, gain a deeper understanding of your threat landscape, and enhance your cybersecurity posture.
This document details the information you must provide for the connector to authenticate with Mandiant and how to obtain that information from Mandiant. See create a data integration for step-by-step instructions on setting up the integration.
Required connection settings
When setting up a data integration, select Mandiant from the Connector drop-down. If you cannot find the connector in the drop-down, make sure you have installed it first. You must provide the following information to authenticate Mandiant with Brinqa:
-
API URL: The Mandiant API URL. The default URL is
https://api.intelligence.mandiant.com. -
API key and API secret: The API credentials associated with the Mandiant account, which must have permissions to log in to the API server and return data.
Generate Mandiant API credentials
For the Mandiant connector to use the Mandiant API, you must provide API credentials. To generate API credentials, follow these steps:
-
Log in to your organization's Mandiant account at https://advantage.mandiant.com.
-
Click Settings.
-
Click API Access and Keys.
-
Click Get Key ID and Secret.
Your Key ID and Key Secret display. Copy and paste the Key ID value into the "API key" field, and the Key Secret value into the "API secret" field in the integration configuration.
If you do not have the permissions to create API credentials, contact your Mandiant administrator. For additional information, see Mandiant documentation.
Additional settings
The Mandiant connector contains an additional option for specific configuration:
- Maximum retries: The maximum number of times that the integration attempts to connect to the Mandiant API before giving up and reporting a failure. The default setting is 5.
Types of data to retrieve
The Mandiant connector can retrieve the following types of data from the Mandiant API:
Table 1: Data retrieved from Mandiant
| Connector Object | Required | Maps to Data Model |
|---|---|---|
| Vulnerability | Yes | CVE Record |
For detailed steps on how to view the data retrieved from Mandiant in the Brinqa Platform, see How to view your data.
Operation options
The Mandiant connector supports the following operation options. See connector operation options for information about how to apply them.
Table 2: Mandiant connector operation options
| Connector Object | Option | All Possible Values | Description | Example |
|---|---|---|---|---|
| Vulnerability | ratingTypes | analyst, predicted, unrated | A comma-separated list of rating types. You can use this option to retrieve vulnerabilities of the specified rating types as determined by Mandiant. | Key: ratingTypes Value: predicted. This key and value combination only retrieves vulnerabilities with the predicted rating type. |
| riskRatings | UNRATED, LOW, MEDIUM, HIGH, CRITICAL | A comma-separated list of risk ratings. You can use this option to retrieve vulnerabilities of the specified risk ratings as determined by Mandiant. | Key: riskRatings Value: HIGH,CRITICAL. This key and value combination only retrieves vulnerabilities with risk ratings of HIGH and CRITICAL. |
The option keys and values are case-sensitive as they are shown in this documentation.
APIs
The Mandiant connector uses the Mandiant Threat Intelligence API v4. Specifically, it uses the following endpoint:
Table 3: Mandiant Threat Intelligence API v4 Endpoint
| Connector Object | API Endpoint |
|---|---|
| Vulnerability | GET /v4/vulnerability |
Changelog
The Mandiant connector has undergone the following changes:
3.0.2
- Enhanced to map Brinqa's CVSS (Common Vulnerability Scoring System) attributes when such information is available.
3.0.1
- Added management for disparities in the data between the free and commercial versions of Mandiant subscriptions.
3.0.0
- Initial Integration+ release.