Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Current »

Mandiant Solutions brings together the world’s leading threat intelligence and frontline expertise with continuous security validation to arm organizations with the tools needed to increase security effectiveness and reduce business risk.

Connect Mandiant with Devo SOAR

  1. Navigate to Automations > Integrations.

  2. Search for Mandiant.

  3. Click Details, then the + icon. Enter the required information in the following fields.

  4. Label: Enter a connection name.

  5. Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com where, hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.

  6. Verify SSL: Select option to verify connecting server's SSL certificate (Default is Verify SSL Certificate).

  7. Remote Agent: Run this integration using the Devo SOAR Remote Agent.

  8. Base Url: Base Url for accessing Mandiant.

  9. API Key: API key for accessing Mandiant.

  10. After you've entered all the details, click Connect.

List Jobs

List jobs. Jobs are the results of Actions, Evaluations, or Sequences that have been run. They contain JobSteps and JobActions.

Input Field

Choose a connection that you have previously created.

Output

JSON containing the following items:

Run a Job Again

Run a job again. Jobs are the results of Actions, Evaluations, or Sequences that have been run. They contain JobSteps and JobActions.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name

Description

Required

Request Body

Jinja-templated JSON containing the request body to be passed to the API.

Optional

Job Id

Jinja-templated text containing the Job Id.

Required

Output

JSON containing the following items:

Get Job Details

Get job details. Jobs are the results of Actions, Evaluations, or Sequences that have been run. They contain JobSteps and JobActions.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name

Description

Required

Job Id

Jinja-templated text containing the job Id.

Required

Output

JSON containing the following items:

Show a Job

Show a job. Jobs are the results of Actions, Evaluations, or Sequences that have been run. They contain JobSteps and JobActions.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name

Description

Required

Job Id

Jinja-templated text containing the job Id.

Required

Output

JSON containing the following items:

Summary Of Action Results For a Job

Summary of action results for a job. Jobs are the results of Actions, Evaluations, or Sequences that have been run. They contain JobSteps and JobActions.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name

Description

Required

Job Id

Jinja-templated text containing the job Id.

Required

Output

JSON containing the following items:

Release Notes

  • v2.0.0 - Updated architecture to support IO via filesystem

  • v1.0.1 - Added 5 new actions - List Jobs, Run A Job Again, Get Job Details, Show A Job and Summary Of Action Results For A Job.

  • No labels