This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Announcements
Webinar May 29th: Log Ingestion: Bindplane + Google SecOps
Log in to ask a question

Mandiant ASM issue and its threat intel association

Posted Saturday
ganeshsunkari
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

When we have any issue or exposure as an alert from Mandiant ASM, can't we get details like threat intel association with specific ASM issue when we integrate this to secops.

Solved Solved
0 3 93
Topic Labels
Jump to Solution
0 Likes
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
ylandovskyy
Staff
In response to ganeshsunkari
Reply posted on --/--/---- --:-- AM

@ganeshsunkari that makes sense. Soon we will release GTI integration, so you will be able to enrich CVEs that are a part of Alert using that integration.

Currently, you can use Mandiant Threat Intelligence integration for it. There is a useful widget.

ylandovskyy_1-1747236129719.png

View solution in original post

Jump to Solution
0 Likes
3 REPLIES 3

Posted on --/--/---- --:-- AM
ylandovskyy
Staff
Reply posted on --/--/---- --:-- AM

Hey @ganeshsunkari ,

Can you elaborate what you meant by "threat intel association"? Also, can you share an example of Issue, which highlights your situation

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
ganeshsunkari
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Lets say I have CVE exposure on the one of the public facing asset, when I am looking into the same log in secops, need to again look up in GTI manually to understand if this vulnerability is actively being exploited by any threat actor. Thinking it would be great if you can provide that enrichment in the secops like how you do it VT enrichment for files.

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
ylandovskyy
Staff
In response to ganeshsunkari
Reply posted on --/--/---- --:-- AM

@ganeshsunkari that makes sense. Soon we will release GTI integration, so you will be able to enrich CVEs that are a part of Alert using that integration.

Currently, you can use Mandiant Threat Intelligence integration for it. There is a useful widget.

ylandovskyy_1-1747236129719.png

Jump to Solution
0 Likes
Top Solution Authors
View all
OSZAR »