CTIX and FireEye Joint Solutions

The Mandiant Threat Intelligence API allows organizations to gain access to evidence-based knowledge about adversaries. Adversary information including motive, intent, capabilities, and operating environments allows security teams to gain an advantage in detecting, investigating, and recommending actions against threats. The integration of CTIX with Mandiant Threat Intelligence brings added benefits, including:

  • Automated consumption of indicators of compromise (IOCs) – IPs, domain names, URLs used by threat actors – as well as information on the adversary to further enrich the threat intelligence data.
  • Ability to match IOCs with internal intelligence and allow analysts to prioritize relevant threats. 
  • Access to high-confidence IOC information that analysts can use in their automation workflows to operationalize threat data and make informed strategic decisions.
  • Ability to automatically evaluate the confidence of IOCs using the CTIX confidence scoring engine, allowing analysts to focus on investigating critical IOCs.

Mandiant Threat Intelligence API

The Mandiant Threat Intelligence API provides machine-to-machine integration with the most contextually rich threat intelligence data available on the market today. The API provides programmatic access to IOCs—IP addresses, domain names, URLs used by threat actors—as well as information on the adversary, to further enrich integrations. The API supports Python, Java, PHP, C++, and C# programming languages.

Integration Benefits

  • Accelerate Analyst Decision Making: Mandiant Threat Intelligence data is available in JSON format, which enables full support for STIX threat data objects and makes it easier for analysts to view relationships between threat data objects while investigating threats.
  • Frontline Insights: Access comprehensive threat intelligence data about advanced adversaries, campaigns, targeted devices, and targeted organizations, allowing analysts to derive actionable insights.
  • Latest Attack Details as Threats Emerge: Receive the latest alerts on constantly changing adversary tactics, techniques, and procedures (TTPs) to defend against evolving threats.
  • Instant, Ready-to-Use Integration: Supports Mandiant Threat Intelligence Application Programming Interface (API) version 3.0 to ingest threat intel feeds.
  • Intelligence-Led Security: Allow security teams to quickly attribute attacks by relating them to specific adversary campaigns and threat actor behaviors.

Orchestrate Intel with CSOL

Security teams can also use Cyware Security Orchestration Layer (CSOL) as an end-to-end orchestration layer to extend the CTIX-FireEye integration and build specialized, complex threat intelligence workflows. These workflows can be created with the easy-to-use playbook builders or by modifying Cyware’s existing pre-built playbooks to meet requirements. CSOL offers orchestration across multiple deployment environments with automated playbooks, flexible APIs, and full customization capabilities.
