Mandiant iSight
This document explains how to set up and use the Mandiant iSight premium intelligence source in the TruSTAR platform.
Mandiant iSIGHT Threat Intelligence is a proactive, forward-looking means of qualifying threats poised to disrupt your business based on the intents, tools and tactics of the attacker. This high-fidelity, comprehensive intelligence delivers visibility beyond the typical attack lifecycle, adding context and priority to global threats before, during and after an attack.
- Source Type: Premium Intel
- Update Type: Feed-based
- Update Frequency: 15 minutes
- Parser: Yes
- Time to Install: 10 minutes
Observables Supported
Requirements
- A subscription to iSight intelligence.
- iSight public key (API ID)
- iSight private key (API Secret)
Getting Started
- Log in to the TruSTAR Web App.
- Click the Marketplace icon on the Navigation Bar.
- Choose Premium Intel.
- Click Subscribe on the iSight Partners box.
- Enter your API key and API Secret key, then click Save Credentials & Request Subscription.
TruSTAR will validate the integration within 48 hours and send an email when the integration has been enabled.
TruSTAR Report Mapping
The information retrieved from this intelligence source is stored in the Mandiant iSight Enclave using the following format.
Field | Explanation | Example |
Report Title | Report title | XX-52014 |
External ID | reportID | XX-52014 |
External URL | reportLink | https://api.isightpartners.com/report/XX-52014 |
Report Body | Full JSON response from iSight | |
Time Begun | publishDate | 1408463264 |
Tags | None |
Known Issues
No reported issues.