This guide provides instructions on how to activate the Mandiant connector within VirusTotal. Once activated, VirusTotal reports will display threat intelligence information about IoCs (Indicators of Compromise) sourced from the Mandiant Advantage platform.
To use this connector, you must have access to the Mandiant Advantage - Threat Intelligence platform. You will need the following credentials provided by Mandiant:
- Key ID
- Secret ID
You can locate these credentials in the Mandiant Advantage - Threat Intelligence platform by following these steps:
- Navigate to the Settings tab.
- Scroll down to the APIv4 Access and Key section.
- Copy the provided credentials.
Before you can view Mandiant's threat intelligence information in VirusTotal reports, you must set up the Mandiant connector and provide your credentials. Follow these steps:
- Access the
Technology Integrationspage via the left menu and then click on the
Connectors (Third party to VT). This page serves as the hub for all your configured connectors.
Here you can perform different actions described in details in the
Manage the connector section.
Add a connector. A dialog will guide you through configuring the connector in two straightforward steps.
Select the Mandiant connector.
- Provide a name and the authentication details.
- Save the connector.
Once completed, all members of your group will have access to Mandiant information in the IoC reports.
The user who adds the connector and the admins of the group to which it belongs, has the authority to edit or delete the connector.
Additionally, all users within your group can enable or disable the connector, this action affects individually to the user.
Once the Mandiant connector is configured, all members of your group will start seeing additional context in the reports. Here are some examples to explore:
For each IoC, you will receive, at a minimum, the Mandiant IC Score. Additionally, Mandiant may provide information about Malware Families or Threat Actors related to the IoC, which will be displayed as clickable tags that allow you to pivot to the Mandiant platform for more details.
This connector is officially suported by VirusTotal, please contact us if you have any question.
Updated 3 months ago