Mandiant Cyber Security Technology Integrations
Controls-agnostic ecosystems powered by technology, expertise and partnership.
Integrate technology
We partner with industry-leading security controls providers to deliver advanced protection through our technology ecosystem.
Architect solutions
We develop integrated solutions and capabilities that provide customers with turnkey technology and trusted expertise.
Protect customers
We are always looking for the right partners to build the bridges needed to defend against cyber crime at scale.
Mandiant Strategic Partners
Browse Integrations
Akamai Edge DNS
- DNS
Attack Surface Management
Attack Surface Management uses the Akamai API to pull in DNS records for further discovery.
Alertlogic
- Managed Detection and Response
Security Validation
Return events generated by the security technology that match Mandiant Security Validation actions
AlienVault, now AT&T Cybersecurity
- SIEM
Automated Defense
Data can be streamed in JSON format. AlienVault provides raw log formats nested in JSON.
Security Validation
Return events generated from AlienVault that match Mandiant Security Validation actions.
Analyst1 Threat Intelligence Platform
- TIP
Intel (API v2)
Access and organize Mandiant intelligence reports using the Analyst1 platform
Anomali Threat Intel
- TIP
Security Validation
Return threat actor intelligence
Anomali Threat Stream
- TIP
Intel (API v4)
The Anomali integration with Mandiant provides access to contextually rich threat intelligence from Mandiant including indicators of compromise, threat actors, malware families, and finished intelligence reports.
Apache Kafka
- SIEM
Automated Defense
Data can be streamed in raw format.
Arcsight
- SIEM
Intel (API v2)
Collects threat indicators and writes to an index suitable to support correlation searches
Security Validation
Return events generated by security technologies that write events to the SIEM and that match Mandiant Security Validation actions
AT&T AlienVault Open Threat Exchange (OTX)
- Intelligence
Automated Defense
Data can be fetched in STIX or JSON format. Mandiant Automated Defense supports STIX format fetched via TAXII.
AT&T USM Anywhere
- SIEM
Security Validation
Return events generated by security technologies that write events to the SIEM and that match Mandiant Security Validation actions
Atlassian Jira
- Case Management
Attack Surface Management
Attack Surface Management uses the Jira API to allow customers to create tickets from identified issues.
AWS
- Cloud
Attack Surface Management
Attack Surface Management retrieves EC2 instances, Route 53 records and S3 buckets, adding them to the asset inventory while continuously monitoring for exposures. The integration can be configured via AWS Roles or Keys.
AWS Cloudtrail
- Cloud Logs
Security Validation
Return events generated by AWS users and services that match Mandiant Security Validation actions
AWS CloudWatch
- Cloud
Security Validation
Return events generated by AWS native cloud controls that match Mandiant Security Validation actions
AWS EC2
AWS GuardDuty
- Cloud Logs
Security Validation
Return security alerts generated by AWS users and services that match Mandiant Security Validation actions
AWS Route53
AWS S3
- Cloud
Automated Defense
Data can be fetched in GZIP format. S3 stores files in GZIP. Mandiant Automated Defense can fetch those files, extract and analyze all supported product log formats.
AWS S3
- SIEM
Automated Defense
Data can be fetched in GZIP format. S3 stores files in GZIP. Mandiant Automated Defense can fetch those files, extract and analyze all supported product log formats.
Bluecat
- DHCP
Automated Defense
Data can be forwarded in Syslog format.
Carbon Black PSC
- Endpoint
Security Validation
Return events generated by the security technology that match Mandiant Security Validation actions
Check Point SmartDefense
- Network Intrusion Detection and Protection
Automated Defense
Data can be forwarded in CEF, Syslog loggrabber, LEEF and Logstash loggrabber formats.
Check Point URL Filtering
- Web Filtering
Automated Defense
Data can be forwarded in CEF format.
Checkpoint
- Firewall
Security Validation
Return events generated by the security technology that match Mandiant Security Validation actions
Cisco AMP
- Endpoint
Security Validation
Return events generated by the security technology that match Mandiant Security Validation actions
Cisco Firepower
- Web Filtering
Automated Defense
Data can be forwarded in Syslog format.
Cisco Firepower
- Firewall
Security Validation
Return events generated by the security technology that match Mandiant Security Validation actions
Cisco Firepower NGFW
- Network Intrusion Detection and Protection
Automated Defense
Data can be forwarded in CEF, Fixed position, Syslog, Syslog fixed position, Syslog key-value-pairs/Estreamer and Pipe delimited. Mandiant Automated Defense supports three variations of fixed position, four variations of Estreamer.
Cisco IPS
- Network Intrusion Detection and Protection
Automated Defense
Data can be forwarded in CEF, Fixed position, Syslog, Syslog fixed position, Syslog key-value-pairs/Estreamer and Pipe delimited. Mandiant Automated Defense supports three variations of fixed position, four variations of Estreamer.
Cisco Umbrella DNS
- Web Filtering
Automated Defense
Data can be forwarded in CSV format. Supports three variations of CSV.
Cisco Umbrella Proxy
- Web Filtering
Automated Defense
Data can be fetched or forwarded in CSV format.
Cloudflare
- DNS
Attack Surface Management
Attack Surface Management uses the Cloudflare API to pull DNS records for further discovery.
Corlight Suricata
- Network Intrusion Detection and Protection
Automated Defense
Data can be forwarded in JSON format.
Crowdstrike
- Endpoint
Security Validation
Return events generated by the security technology that match Mandiant Security Validation actions
Crowdstrike Falcon Insight EDR
- Endpoint Detection and Response
Automated Defense
Data can be streamed in JSON format. Since the JSON formatted data from streaming is more complete than other formats, Mandiant strongly recommends streaming Crowdstrike events.
Crowdstrike Falcon Prevent NGAV
- Endpoint Protection
Automated Defense
Data can be streamed or forwarded in JSON or CEF format.
Crowdstrike Threat Intel
- TIP
Security Validation
Return threat actor intelligence
Cybereason
- Endpoint
Security Validation
Return events generated by the security technology that match Mandiant Security Validation actions
CylancePROTECT
- Endpoint Protection
Security Validation
Return events generated by the security technology that match Mandiant Security Validation actions
Automated Defense
Data can be forwarded or fetched in JSON or CEF format. Data is fetched from AlienVault.
Darktrace
- Network
Security Validation
Return events generated by the security technology that match Mandiant Security Validation actions
Devo
- SIEM
Security Validation
Return events generated by security technologies that write events to the SIEM and that match Mandiant Security Validation actions
EclecticIQ
- TIP
Intel (API v2)
Elastic Elasticsearch
- SIEM
Security Validation
Return events generated by security technologies that write events to the SIEM and that match Mandiant Security Validation actions
Automated Defense
Data can be fetched in logstash format. Elasticsearch stores files in logstash.
Endgame
- Endpoint
Security Validation
Return events generated by the security technology that match Mandiant Security Validation actions
Exabeam Analytics
- SIEM
Security Validation
Return events generated by security technologies that write events to the SIEM and that match Mandiant Security Validation actions
Exabeam Datalake
- SIEM
Security Validation
Return events generated by security technologies that write events to the SIEM and that match Mandiant Security Validation actions
F5 Threat Stack
Security Validation
Return events generated by the security technology that match Mandiant Security Validation actions
Fidelis Network
- Network Intrusion Detection and Protection
Automated Defense
Data can be forwarded in CEF format.
Forcepoint URL Filtering
- Web Filtering
Automated Defense
Data can be forwarded in CEF, CEF Syslog, key-value-pairs or LEEF format.
Forescout Silent Defense
- Industrial Control Systems
Automated Defense
Data can be forwarded in CEF format.
Fortinet
- DHCP
Automated Defense
Data can be forwarded in key-value-pairs format.
Fortinet Forticlient
- Web Filtering
Automated Defense
Data can be forwarded in CEF format.
Fortinet FortiClient EPP
- Endpoint Protection
Automated Defense
Data can be forwarded in CEF format.
Fortinet Fortigate
- Network Intrusion Detection and Protection
Automated Defense
Data can be forwarded in CEF Syslog, Syslog key-value-pairs and CS key-value-pairs formats.
Fortinet Fortigate NGFW
- Web Filtering
Automated Defense
Data can be forwarded in CEF key-value-pairs format.
FS-ISAC Intelligence Exchange
- Intelligence
Automated Defense
Data can be fetched in STIX format.
Gigamon ThreatINSIGHT
- Network Intrusion Detection and Protection
Automated Defense
Data can be fetched in JSON format.
GitHub
- Code Repository
Attack Surface Management
Attack Surface Management can integrate with a GitHub Organization or Account to pull in accounts and repositories as discoverable assets.
GoDaddy
- DNS
Attack Surface Management
Attack Surface Management uses the GoDaddy API to pull DNS records for further discovery.
Google BigQuery
- Cloud Logs
Security Validation
Return events generated by security technologies that write events to the cloud log storage system and that match Mandiant Security Validation actions
Google Chronicle
- SIEM
Security Validation
Return events generated by security technologies that write events to the SIEM and that match Mandiant Security Validation actions
Breach Analytics
Early warning system for active breaches. Know about adversaries that pose a risk to your organization based on your industry or other factors, before an attack. Breach Analytics natively ingests security events from Google Chronicle Security Operations Suite and continuously monitors all current and historical security data sets and events from Chronicle SIEM.
Google Chronicle Security VirusTotal
- Intelligence
Automated Defense
Data can be fetched in raw format.
Google Cloud Platform
- Cloud
Attack Surface Management
Attack Surface Management retrieves APIs, applications, Cloud Functions, Cloud SQL Instances, compute, storage and DNS zones, adding them to the asset inventory while continuously monitoring for exposures.
Google Cloud Storage
- SIEM
Automated Defense
Data can be fetched in raw format.
Graylog
- Log Management
Security Validation
Return events generated by the security technology that match Mandiant Security Validation actions
IBM Qradar
- SIEM
Intel (API v4)
Collects threat indicators and writes to an index suitable to support correlation searches
Security Validation
Return events generated by security technologies that write events to the SIEM and that match Mandiant Security Validation actions
Automated Defense
Data can be forwarded in LEEF format.
iBoss
- Web security
Security Validation
Return events generated by the security technology that match Mandiant Security Validation actions
iboss Cloud
- Web Filtering
Automated Defense
Data can be forwarded in CEF, LEEF syslog, or Pipe delimited with Syslog header format.
Infoblox
- DHCP
Automated Defense
Data can be forwarded in Syslog format.
Intel471
- Intelligence
Security Validation
Return threat actor intelligence
Juniper JSA
- Firewall
Security Validation
Return events generated by the security technology that match Mandiant Security Validation actions
Kenna Security
- Vulnerability Management
Attack Surface Management
Kenna Security KDI JSON exports are available from Attack Surface Management.
LogRhythm Elastic
- SIEM
Security Validation
Return events generated by security technologies that write events to the SIEM and that match Mandiant Security Validation actions
LogRhythm Sql
- SIEM
Security Validation
Return events generated by security technologies that write events to the SIEM and that match Mandiant Security Validation actions
Logzilla
- SIEM
Security Validation
Return events generated by security technologies that write events to the SIEM and that match Mandiant Security Validation actions
Maltego
- Analyst Tool
Intel (API v2)
Enriches indicators with intelligence from Mandiant
Mandiant Threat Intelligence
- Intelligence
Security Validation
Return threat actor intelligence
Attack Surface Management
Attack Surface Management uses the Mandiant Threat Intelligence API to enrich external assets and pull in confidence and risk rating, CVE vulnerability reports and more.
MaxMind GeoLite 2
- Intelligence
Automated Defense
Data can be fetched in raw format.
McAfee EPO
- Endpoint
Security Validation
Return events generated by the security technology that match Mandiant Security Validation actions
McAfee EPO DLP
- DLP
Security Validation
Return events generated by the security technology that match Mandiant Security Validation actions
McAfee ESM
- Endpoint
Security Validation
Return events generated by the security technology that match Mandiant Security Validation actions
Automated Defense
Data can be forwarded in CEF, CSV-XML, logstash-XML, Syslog or XML format. Mandiant Automated Defense supports CEF forwarding from Endpoint Security. Native XML format is supported directly or in CSV, or wrapped in logstash.
McAfee Network Security Platform
- Network Intrusion Detection and Protection
Automated Defense
Data can be forwarded in Syslog format.
McAfee VirusScan
- Endpoint Protection
Automated Defense
Data can be forwarded in CEF format. Mandiant Automated Defense supports CEF forwarding from ePolicy Orchestrator.
McAfee Web Gateway
- Web Filtering
Automated Defense
Data can be forwarded in CEF, LEEF syslog, or Pipe delimited with Syslog header format.
MicroFocus ArcSight
- SIEM and Data Storage
Automated Defense
Data can be forwarded in CEF format.
Microsoft Active Directory
- Authentication
Automated Defense
Data can be forwarded in XML, JSON or key-value-pairs format.
Microsoft Azure
- Cloud
Attack Surface Management
Attack Surface Management has a token-based integration to auto-discover public Virtual Machine instances, storage accounts (blobs), and public DNS zones within Azure accounts.
Microsoft Azure Log Analytics
- Cloud Logs
Security Validation
Return events generated by security technologies that write events to the cloud log storage system and that match Mandiant Security Validation actions
Microsoft Azure Sentinel
- SIEM
Security Validation
Return events generated by security technologies that write events to the SIEM and that match Mandiant Security Validation actions
Microsoft Defender ATP
- Endpoint
Security Validation
Return events generated by the security technology that match Mandiant Security Validation actions
Microsoft Defender for Endpoint
- Endpoint Protection
Automated Defense
Data can be forwarded in JSON, native key-value-pairs and Syslog.
Microsoft Defender for Endpoint
- Endpoint Detection and Response
Automated Defense
Data can be fetched in JSON format.
Managed Defense
Monitor 24/7, enrich with context, investigate and respond to the most important events.
Microsoft DHCP
- DHCP
Automated Defense
Data can be forwarded in CSV or Syslog format. Mandiant Automated Defense supports two different variations of Syslog formatted Microsoft DHCP.
Microsoft Graph API
- Cloud Logs
Security Validation
Return events generated by security technologies that write events to the cloud log storage system and that match Mandiant Security Validation actions
Microsoft Sentinel/Defender
- SIEM
Intel (API v4)
An Azure Logic App that collects indicators from Mandiant and adds them to either Microsoft Sentinel or Defender for Endpoint using the Microsoft Graph Security API.
Microsoft System Center Endpoint Protection
- Endpoint Protection
Automated Defense
Data can be forwarded in JSON, native key-value-pairs and Syslog.
Microsoft Windows Defender
- Endpoint Protection
Automated Defense
Data can be forwarded in JSON, native key-value-pairs and Syslog.
MISP
- TIP
Intel (API v4)
The Mandiant MISP Collector allows users to pull in threat intelligence from Mandiant into MISP's open-source data aggregation and threat sharing platform
MISP
- Threat Sharing
Intel (API v4)
Collects Threat Indicators, Malware Families, Vulnerabilities, and Threat Actor intelligence and creates MISP Events
NetScope SIEM/EUBA
- SIEM
Intel (API v4)
NetScope SOAR
- SOAR
Intel (API v4)
Netskope
- CASB
Security Validation
Return events generated by the security technology that match Mandiant Security Validation actions
OpenCTI
- TIP
Intel (API v4)
The OpenCTI integration collects intelligence from Mandiant, including indicators, threat actors, malware families, and vulnerabilities, and makes the data available in the OpenCTI platform
Palo Alto Networks Cortex Data Lake
- SIEM and Data Storage
Automated Defense
Data can be fetched in raw format.
Palo Alto Networks Cortex XDR
- Endpoint
Security Validation
Return events generated by the security technology that match Mandiant Security Validation actions
Palo Alto Networks Cortex XSOAR
- SOAR
Intel (API v4)
Collects Threat Indicators to feed the Threat Intelligence module and supports an indicator enrichment command suitable to run standalone or as part of automated playbooks
Palo Alto Networks Next Gen Firewall URL Filtering
- Web Filtering
Automated Defense
Data can be fetched or forwarded in CEF, CSV with syslog header and JSON format. Mandiant Automated Defense supports straight CEF and CEF forwarded from StreamSets. Supports JSON fetched from Palo Alto Networks Cortex Data Lake and another variation of JSON in logstash from Elasticsearch.
Palo Alto Networks Next-Gen Firewall
- Firewall
- Network Intrusion Detection and Protection
Security Validation
Return events generated by the security technology that match Mandiant Security Validation actions
Automated Defense
Data can be fetched or forwarded in CEF syslog, CSV, JSON or LEEF syslog. Mandiant Automated Defense supports two variations of CSV, two variations of JSON and fetching from Palo Alto Networks Cortex Data Lake and Elasticsearch.
Palo Alto Networks NIDS
- Network Intrusion Detection and Protection
Automated Defense
Data can be fetched or forwarded in CEF syslog, CSV, JSON or LEEF syslog. Mandiant Automated Defense supports two variations of CSV, two variations of JSON and fetching from Palo Alto Networks Cortex Data Lake and Elasticsearch.
Palo Alto Networks Threat Prevention
- Network Intrusion Detection and Protection
Automated Defense
Data can be fetched or forwarded in CEF syslog, CSV, JSON or LEEF syslog. Mandiant Automated Defense supports two variations of CSV, two variations of JSON and fetching from Palo Alto Networks Cortex Data Lake and Elasticsearch.
Palo Alto Networks Traps
- Endpoint Protection
Automated Defense
Fetching from Palo Alto Networks Cortex Data Lake in JSON format.
Qualys
- Vulnerability Management
Automated Defense
Automated Defense supports vulnerability data from the "TechnicalReport" template provided by Qualys. The data can be fetched or uploaded using XML format.
Rapid7 Insight VM
- Vulnerability Management
Automated Defense
Data can be fetched or uploaded using JSON format.
Rapid7 InsightIDR
- SIEM
Security Validation
Return events generated by security technologies that write events to the SIEM and that match Mandiant Security Validation actions
Rapid7 NexPose
- Vulnerability Management
Automated Defense
Data can be uploaded using XML format.
RSA NetWitness Logs & Packets
Security Validation
Return events generated by the security technology that match Mandiant Security Validation actions
RSA NetWitness Respond
Security Validation
Return events generated by the security technology that match Mandiant Security Validation actions
SANS Internet Storm Center Dshield
- Intelligence
Automated Defense
Data can be fetched in raw format.
Security Onion Elk
Security Validation
Return events generated by the security technology that match Mandiant Security Validation actions
Security Onion Elsa
Security Validation
Return events generated by the security technology that match Mandiant Security Validation actions
Securonix
- SIEM
Security Validation
Return events generated by the security technology that match Mandiant Security Validation actions
SentinelOne
- XDR
Intel (API v4)
SentinelOne ActiveEDR
- Endpoint Detection and Response
Automated Defense
Data can be fetched in JSON format.
SentinelOne EPP
- Endpoint
Security Validation
Return events generated by the security technology that match Mandiant Security Validation actions
Automated Defense
Mandiant recommends fetching of SentinelOne events in JSON format.
ServiceNow Vulnerability Response
- Vulnerability Management
Attack Surface Management
The Mandiant Advantage Attack Surface Management App uses the ASM API to push issue details to ServiceNow Vulnerability Response.
Siemplify
- SOAR
Intel (API v4)
The Mandiant Integration for Siemplify enriches existing entities and IOCs in Siemplify with Mandiant Threat Intelligence data, including related entities and additional malware details.
SNORT IPS
- Network Intrusion Detection and Protection
Automated Defense
Data can be forwarded in Syslog fixed position. Mandiant Automated Defense supports two variations of Syslog fixed position format.
SNORT NIDS
- Network Intrusion Detection and Protection
Automated Defense
Data can be forwarded in Syslog fixed position. Mandiant Automated Defense supports two variations of Syslog fixed position format.
Sophos Cloud
- Endpoint
Security Validation
Return events generated by the security technology that match Mandiant Security Validation actions
Sophos Endpoint Protection
- Endpoint Protection
Automated Defense
Mandiant recommends fetching of Sophos events in JSON format from Sophos Central.
Splunk Enterprise
- SIEM
Intel (API v4)
Collects indicators and writes to a Splunk index that is then turned into a Splunk lookup. Also includes correlation features based on customer data that maps to the Splunk CIM
Security Validation
Return events generated by security technologies that write events to the SIEM and that match Mandiant Security Validation actions. Also in the Splunk App, information about Validation jobs is collected and made available for visualization and analysis.
Automated Defense
Data can be fetched in raw format. Querying Splunk can return the raw events as sent to Splunk.
Attack Surface Management
The Mandiant Advantage App uses the ASM API to push external assets and identified issues to Splunk Enterprise Security.
Splunk TruStar
- SOAR
Intel (API v2)
Sumo Logic
- SIEM
Security Validation
Return events generated by security technologies that write events to the SIEM and that match Mandiant Security Validation actions
Automated Defense
Data can be fetched in Syslog format.
Suricata IDS
- Network Intrusion Detection and Protection
Automated Defense
Data can be fetched or forwarded in EVE, JSON, raw with or without Syslog header or Syslog EVE. Fetch from AlienVault supports two variations of JSON.
Suricata IPS
- Network Intrusion Detection and Protection
Automated Defense
Data can be fetched or forwarded in EVE, JSON, raw with or without Syslog header or Syslog EVE. Fetch from AlienVault supports two variations of JSON.
Swimlane
- SOAR
Intel (API v4)
Symantec Blue Coat Proxy SG
- Web Filtering
Automated Defense
Data can be forwarded in CEF or Fixed Position format. Mandiant Automated Defense supports six variations of Fixed Position formatting.
Symantec DLP
- DLP
Security Validation
Return events generated by the security technology that match Mandiant Security Validation actions
Symantec Endpoint Protection
- Endpoint Protection
Automated Defense
Data can be forwarded in Syslog or CEF Syslog format.
Tanium
- Vulnerability Management
Security Validation
Data can be forwarded using JSON format.
Tanium Threat Response
- Endpoint Protection
Automated Defense
Data can be forwarded in JSON format.
Tanium Threat Response
- Endpoint Detection and Response
Automated Defense
Data can be forwarded in JSON format.
Tenable Nessus
- Vulnerability Management
Security Validation
Data can be fetched or uploaded using XML format.
Tenable.sc
- Vulnerability Management
Security Validation
Data can be fetched or uploaded using XML format.
ThreatConnect
- Intelligence
Security Validation
Return threat actor intelligence
ThreatQuotient ThreatQ Platform
- TIP
Intel (API v4)
The ThreatQ integration collects intelligence from Mandiant and makes it available in the ThreatQ security operations platform
Trellix Endpoint Security
- Endpoint Protection
Security Validation
Return events generated by the security technology that match Mandiant Security Validation actions
Automated Defense
Data can be fetched in JSON format.
Managed Defense
Monitor 24/7, enrich with context, investigate and respond to the most important events.
Trellix ETP
- Endpoint
Security Validation
Return events generated by the security technology that match Mandiant Security Validation actions
Trellix Helix
- SIEM
Security Validation
Return events generated by security technologies that write events to the SIEM and that match Mandiant Security Validation actions
Trellix Network Security
- Network Intrusion Detection and Protection
Security Validation
Return events generated by the security technology that match Mandiant Security Validation actions
Automated Defense
Data can be forwarded in JSON format.
Trend Micro Tipping Point Next Gen IPS
- Network Intrusion Detection and Protection
Automated Defense
Data can be forwarded in CEF, Syslog fixed position or Syslog pipe delimited. Mandiant Automated Defense supports three variations of Syslog fixed position format.
TrendMicro Apex One
- Endpoint Protection
Automated Defense
Data can be forwarded in JSON format.
TrendMicro Deep Security
- Endpoint Protection
Automated Defense
Data can be forwarded in Syslog format.
TrendMicro OfficeScan
- Endpoint Protection
Automated Defense
Data can be forwarded in Syslog or CEF format. Automated Defense supports two different variations of OfficeScan Syslog.
UNIX
- DHCP
Automated Defense
Data can be forwarded in fixed position or Syslog format. Mandiant Automated Defense supports two different variations of Syslog formatted Microsoft DHCP.
VMware AppDefense
Security Validation
Return events generated by the security technology that match Mandiant Security Validation actions
VMWare Carbon Black Cloud
- Endpoint
Security Validation
Return events generated by the security technology that match Mandiant Security Validation actions
VMware Carbon Black EDR
- Endpoint Detection and Response
Automated Defense
Data can be fetched in JSON format.
VMware Carbon Black EDR
- Vulnerability Management
Security Validation
Data can be fetched using JSON format.
VMware Carbon Black Endpoint
- Endpoint
Security Validation
Return events generated by the security technology that match Mandiant Security Validation actions
Vulcan Platform
- Vulnerability Management
Intel (API v2)
WhoisXML API
- Intelligence
Automated Defense
Data can be fetched in XML format.
Zscaler Web Security
- Web Filtering
Automated Defense
Data can be forwarded in CEF, key-value-pairs and LEEF format. Mandiant Automated Defense supports straight CEF and CEF forwarded from StreamSets.
Get in touch if you have any questions about our partner program or technology integrations.