All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Mandiant Advantage

andy_splunk_2
New Member
‎11-08-2021 03:15 AM

We've just installed Mandiant Advantage App and I was hoping someone else here could provide some guidance on what to do after installation and configuration of api keys.

Labels (1)
Labels
Tags (1)
0 Karma
Reply

schimpy
New Member
‎11-21-2021 11:45 PM

Hello @andy_splunk_2 ,

Does the enabling produced a lot of notable events? I am a bit scared not to overwhelm our SOC...

0 Karma
Reply

andy_splunk_2
New Member
‎11-22-2021 02:47 AM

@schimpy , it does produce a lot an overwhelming amount of indicators and notable events.  I currently have a ticket in with support on how to best reduce those numbers by possible filtering out blocked or failed actions in the panel queries.

0 Karma
Reply

schimpy
New Member
‎11-18-2021 06:42 AM

Hello @andy_splunk_2 

I am having the same "issue" here.

I managed to set up ingestion of Mandiant-based IoC to defined index.

Although I set up correlation with my netflow data model (Setup > Config > Mandiant Advantage Correlation Settings), I have no signs it is working somehow.

Have you made any progress here?

Br, Simon

0 Karma
Reply

andy_splunk_2
New Member
‎11-18-2021 09:10 AM

HI, @schimpy 

We were able to see data after adding some data models.  For us it was a matter of waiting.  Try adding Web or Network Traffic data models to Mandiant Advantage Correlation Settings.  It took several hours for the data to start filling out in the panels. 

0 Karma
Reply
Get Updates on the Splunk Community!

Simplifying the Analyst Experience with Finding-based Detections

    Splunk invites you to an engaging Tech Talk focused on streamlining security operations with ...

[Puzzles] Solve, Learn, Repeat: Word Search

This challenge was first posted on Slack #puzzles channelThis puzzle is based on a letter grid containing ...

[Puzzles] Solve, Learn, Repeat: Advent of Code - Day 4

Advent of CodeIn order to participate in these challenges, you will need to register with the Advent of Code ...