Mandiant Threat Intelligence

Updated October 26, 2023 19:05

This article describes the Intelligence Card Extension for FireEye Threat Intelligence.

File:New Mandiant Logo-FULL COLOR.png - Wikipedia

About Mandiant

Mandiant (formerly, part of FireEye and now part of Google) provides cyber threat intelligence through their ThreatScape API. The extension enriches IP Address, Domains, file hashes, URLs, malware, and vulnerability intelligence cards with cyber threat intelligence.

You must have commercial access to Mandiant Threat Intelligence to use this extension and will need your public and private API keys. These are different from your username/password for the Mandiant Advantage portal and can be obtained from your Intelligence Account Manager.

Note that the current intelligence card extension makes use of API v4. An older version of this extension has been deprecated in August 2023; it used v2.2 of the ThreatScape API.

Please also see the Getting Started With Intelligence Card Extensions page if you're interested in enabling this extension.

Extending Intelligence Cards

You can search Mandiant Threat Intelligence for a list of any published reports that include the given IP Address, Domain, File Hash, URL, Malware, and Vulnerability. The response varies by entity type, and can include:

Link to the Mandiant Advantage Portal
Mandiant title
Mandiant Unique ID for the entity
Mandiant Malicious score
Last update date
Last seen date
Exploit Stage (for vulnerabilities
Entity Description
Affected Operating System
Capabilities

Example (for malware "Locky"):

Example (for vulnerability "CVE-2014-0160"):

This content is confidential. Do not distribute or download content in a manner that violates your Recorded Future license agreement. Sharing this content outside of licensed Recorded Future users constitutes a breach of the terms and/or agreement and shall be considered a breach by your organization.

Articles in this section