Mandiant Automated Defense v1.0.15
Mandiant Automated Defense Pack
- Author:
- Mandiant
- Support:
- partner
agentixxsiam
Analytics & SIEM
Incident fields (28)
- MAD Accounts
- MAD Asset Criticality
- MAD Assets
- MAD Assigned Users
- MAD Attack Stage
- MAD Attack Tactic
- MAD Close URL
- MAD Description
- MAD Domains
- MAD Escalation Reasons
- MAD Event Count
- MAD External Systems
- MAD External Tenant Id
- MAD Feedback Comments
- MAD Feedback Outcome
- MAD Feedback Time Updated
- MAD Feedback User Id
- MAD File Hashes
- MAD First Event Time
- MAD Incident Id
- MAD Internal Tenant Id
- MAD Last Event Time
- MAD Malware
- MAD Probability
- MAD Signatures
- MAD Status
- MAD Time Generated
- MAD URL
Incident types (1)
Integrations (1)
Layouts (1)
README
This pack pulls open investigations created by Mandiant Automated Defense (MAD) into XSOAR. On top of pulling valuable data created by MAD into XSOAR, a user can assign someone to the investigation, change the investigation description, and close an investigation all from the XSOAR UI.
The pack has several commands
- mad-get-incident - get a specific investigation, open or closed, from MAD
- mad-assign-user - assign a specific user to an investigation
- mad-remove-user - remove a specific user from an investigation
- mad-close-incident - close a specific investigation
Bi-directional mirroring is supported.
Currently, this pack has no playbooks.