We've just installed Mandiant Advantage App and I was hoping someone else here could provide some guidance on what to do after installation and configuration of api keys.
Hello @andy_splunk_2,
Did enabling it produce a lot of notable events? I am a bit scared of overwhelming our SOC...
@schimpy, it does produce an overwhelming amount of indicators and notable events. I currently have a ticket in with support on how to best reduce those numbers, possibly by filtering out blocked or failed actions in the panel queries.
Hello @andy_splunk_2
I am having the same "issue" here.
I managed to set up ingestion of Mandiant-based IoC to defined index.
Although I set up correlation with my netflow data model (Setup > Config > Mandiant Advantage Correlation Settings), I have no signs it is working somehow.
Have you made any progress here?
Br, Simon
Hi, @schimpy
We were able to see data after adding some data models. For us it was a matter of waiting. Try adding the Web or Network Traffic data models to Mandiant Advantage Correlation Settings. It took several hours for the data to start populating the panels.