Mandiant Solutions brings together the world’s leading threat intelligence and frontline expertise with continuous security validation to arm organizations with the tools needed to increase security effectiveness and reduce business risk.
Connect Mandiant with Devo SOAR
Navigate to Automations > Integrations.
Search for Mandiant.
Click Details, then the + icon. Enter the required information in the following fields.
Label: Enter a connection name.
Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com where, hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
Verify SSL: Select option to verify connecting server's SSL certificate (Default is Verify SSL Certificate).
Remote Agent: Run this integration using the Devo SOAR Remote Agent.
Base Url: Base Url for accessing Mandiant.
API Key: API key for accessing Mandiant.
After you've entered all the details, click Connect.
List Jobs
List jobs. Jobs are the results of Actions, Evaluations, or Sequences that have been run. They contain JobSteps and JobActions.
Input Field
Choose a connection that you have previously created.
Output
JSON containing the following items:
Run a Job Again
Run a job again. Jobs are the results of Actions, Evaluations, or Sequences that have been run. They contain JobSteps and JobActions.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
---|---|---|
Request Body | Jinja-templated JSON containing the request body to be passed to the API. | Optional |
Job Id | Jinja-templated text containing the Job Id. | Required |
Output
JSON containing the following items:
Get Job Details
Get job details. Jobs are the results of Actions, Evaluations, or Sequences that have been run. They contain JobSteps and JobActions.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
---|---|---|
Job Id | Jinja-templated text containing the job Id. | Required |
Output
JSON containing the following items:
Show a Job
Show a job. Jobs are the results of Actions, Evaluations, or Sequences that have been run. They contain JobSteps and JobActions.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
---|---|---|
Job Id | Jinja-templated text containing the job Id. | Required |
Output
JSON containing the following items:
Summary Of Action Results For a Job
Summary of action results for a job. Jobs are the results of Actions, Evaluations, or Sequences that have been run. They contain JobSteps and JobActions.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
---|---|---|
Job Id | Jinja-templated text containing the job Id. | Required |
Output
JSON containing the following items:
Release Notes
v2.0.0
- Updated architecture to support IO via filesystemv1.0.1
- Added 5 new actions -List Jobs
,Run A Job Again
,Get Job Details
,Show A Job
andSummary Of Action Results For A Job
.