All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Mandiant Advantage

andy_splunk_2
New Member
‎11-08-2021 03:15 AM

We've just installed Mandiant Advantage App and I was hoping someone else here could provide some guidance on what to do after installation and configuration of api keys.

Labels (1)
Labels
Tags (1)
0 Karma
Reply

schimpy
New Member
‎11-21-2021 11:45 PM

Hello @andy_splunk_2 ,

Does the enabling produced a lot of notable events? I am a bit scared not to overwhelm our SOC...

0 Karma
Reply

andy_splunk_2
New Member
‎11-22-2021 02:47 AM

@schimpy , it does produce a lot an overwhelming amount of indicators and notable events.  I currently have a ticket in with support on how to best reduce those numbers by possible filtering out blocked or failed actions in the panel queries.

0 Karma
Reply

schimpy
New Member
‎11-18-2021 06:42 AM

Hello @andy_splunk_2 

I am having the same "issue" here.

I managed to set up ingestion of Mandiant-based IoC to defined index.

Although I set up correlation with my netflow data model (Setup > Config > Mandiant Advantage Correlation Settings), I have no signs it is working somehow.

Have you made any progress here?

Br, Simon

0 Karma
Reply

andy_splunk_2
New Member
‎11-18-2021 09:10 AM

HI, @schimpy 

We were able to see data after adding some data models.  For us it was a matter of waiting.  Try adding Web or Network Traffic data models to Mandiant Advantage Correlation Settings.  It took several hours for the data to start filling out in the panels. 

0 Karma
Reply
Get Updates on the Splunk Community!

SOCin’ it to you at Splunk University

Splunk University is expanding its instructor-led learning portfolio with dedicated Security tracks at .conf25 ...

Credit Card Data Protection & PCI Compliance with Splunk Edge Processor

Organizations handling credit card transactions know that PCI DSS compliance is both critical and complex. The ...

Stay Connected: Your Guide to July Tech Talks, Office Hours, and Webinars!

What are Community Office Hours?Community Office Hours is an interactive 60-minute Zoom series where ...