Intel (API v4)
Collects indicators and writes to a Splunk index that is then turned into a Splunk lookup. Also includes correlation features based on customer data that maps to the Splunk CIM
"Return events generated security technologies that write events to the SIEM and that match Mandiant Security Validation actions.
Also in the Splunk App, information about Validation jobs is collected and made available for visualization and analysis"
Data can be fetched in raw format. Quering Splunk can return the raw events as sent to Splunk.
Attack Surface Management
The Mandiant Advantage App uses the ASM API to push external assets and identified issues to Splunk Enterprise Security.