This article describes the Intelligence Card Extension for FireEye Threat Intelligence.
About Mandiant
Mandiant (formerly part of FireEye and now part of Google) provides cyber threat intelligence through its ThreatScape API. The extension enriches IP address, domain, file hash, URL, malware, and vulnerability Intelligence Cards with cyber threat intelligence.
You must have commercial access to Mandiant Threat Intelligence to use this extension and will need your public and private API keys. These are different from your username/password for the Mandiant Advantage portal and can be obtained from your Intelligence Account Manager.
Please also see the Getting Started With Intelligence Card Extensions page if you're interested in enabling this extension.
Extending Intelligence Cards
You can search Mandiant Threat Intelligence for a list of any published reports that include the given IP address, domain, file hash, URL, malware, or vulnerability. The response varies by entity type and can include:
- Link to the Mandiant Advantage Portal
- Mandiant title
- Mandiant Unique ID for the entity
- Mandiant Malicious score
- Last update date
- Last seen date
- Exploit Stage (for vulnerabilities)
- Entity Description
- Affected Operating System
- Capabilities
Example (for malware "Locky"):
Example (for vulnerability "CVE-2014-0160"):