Mandiant Threat Intelligence

Updated 8 months ago by TruSTAR

This document explains how to set up and use the Mandiant premium intelligence source in the TruSTAR platform.


Company: Mandiant

Since 2004, Mandiant® has been a trusted partner to security-conscious organizations. Effective security is based on the right combination of expertise, intelligence, and adaptive technology, and the Mandiant Advantage SaaS platform scales decades of frontline experience and industry-leading threat intelligence to deliver a range of dynamic cyber defense solutions. Mandiant’s approach helps organizations develop more effective and efficient cyber security programs and instills confidence in their readiness to defend against and respond to cyber threats. 

Product: Mandiant Threat Intelligence

Mandiant Threat Intelligence gives security practitioners unparalleled visibility and expertise into threats that matter to their business right now. Our threat intelligence is compiled by over 300 security and intelligence individuals across 22 countries, researching actors via undercover adversarial pursuits, incident forensics, malicious infrastructure reconstructions and actor identification processes that comprise the deep knowledge embedded in the Mandiant Intel Grid. Threat Intelligence can be delivered as a technology, operated side-by-side with your team, or fully managed by Mandiant experts.

  • Source Type: Premium Intel
  • Update Type: Feed-based
  • Update Frequency: 15 minutes
  • Parser: Yes
  • Time to Install: 10 minutes

Observables Supported


  • A subscription to iSight intelligence.
  • iSight public key (API ID)
  • iSight private key (API Secret)
TruSTAR Admin rights are required to activate this Premium Intel feed.

Getting Started

  1. Log into the TruSTAR Web App.
  2. Click the Marketplace icon on the Navigation Bar.
  3. Choose Premium Intel.
  4. Click Subscribe on the iSight Partners box.
  5. Enter your API key and API Secret key, then click Save Credentials & Request Subscription.

TruSTAR will validate the integration within 48 hours and send an email when the integration has been enabled.

Known Issues

No reported issues.

Please contact if you have issues with this integration.

How Did We Do?