Mandiant Advantage - Threat Intelligence

Mandiant connector guide for VirusTotal

This guide provides instructions on how to activate the Mandiant connector within VirusTotal. Once activated, VirusTotal reports will display threat intelligence information about IoCs (Indicators of Compromise) sourced from the Mandiant Advantage platform.

Getting the Mandiant credentials

To use this connector, you must have access to the Mandiant Advantage - Threat Intelligence platform. You will need the following credentials provided by Mandiant:

  • Key ID
  • Secret ID

You can locate these credentials in the Mandiant Advantage - Threat Intelligence platform by following these steps:

  1. Navigate to the Settings tab.
  2. Scroll down to the APIv4 Access and Key section.
  3. Copy the provided credentials.

Adding the connector

Before you can view Mandiant's threat intelligence information in VirusTotal reports, you must set up the Mandiant connector and provide your credentials. Follow these steps:

  1. Access the Technology Integrations page via the left menu, then click Connectors (Third party to VT). This page serves as the hub for all your configured connectors. Here you can perform the actions described in detail in the Managing the connector section.

  2. Click on Add a connector. A dialog will guide you through configuring the connector in two straightforward steps.

  3. Select the Mandiant connector.

  4. Provide a name and the authentication details.

  5. Save the connector.

Once completed, all members of your group will have access to Mandiant information in the IoC reports.

Managing the connector

The user who adds the connector and the admins of the group to which it belongs have the authority to edit or delete the connector.

Additionally, all users within your group can enable or disable the connector; this action affects only the individual user who performs it.

Viewing Mandiant Information

Once the Mandiant connector is configured, all members of your group will start seeing additional context in the reports. Here are some examples to explore:

For each IoC, you will receive, at a minimum, the Mandiant IC Score. Additionally, Mandiant may provide information about Malware Families or Threat Actors related to the IoC, which will be displayed as clickable tags that allow you to pivot to the Mandiant platform for more details.

Support

This connector is officially supported by VirusTotal. Please contact us if you have any questions.