Intel (API v4), Collects Threat Indicators to feed the Threat Intelligence module and supports an indicator enrichment command suitable to run standalone or as part of automated playbooks

Security Validation, Return events generated by the security technology that match Mandiant Security Validation actions, Automated Defense, Data can be fetched or forwarded in CEF syslog, CSV, JSON or LEEF syslog. Mandiant Automated Defense supports two variation of CSV, two variations of JSON and fetching from Palo Alto Networks Cortex Data Lake and Elasticsearch.

Automated Defense, Data can be fetched or forwarded in CEF, CSV with syslog header and JSON format. Mandiant Automated Defense supports straight CEF and CEF forwarded from StreamSets. Supports JSON fetched from Palo Alto Networks Cortex Data Lake and another variation of JSON in logstash from Elasticsearch.

Automated Defense, Data can be fetched or forwarded in CEF syslog, CSV, JSON or LEEF syslog. Mandiant Automated Defense supports two variation of CSV, two variations of JSON and fetching from Palo Alto Networks Cortex Data Lake and Elasticsearch.

Automated Defense, Data can be fetched or forwarded in CEF syslog, CSV, JSON or LEEF syslog. Mandiant Automated Defense supports two variation of CSV, two variations of JSON and fetching from Palo Alto Networks Cortex Data Lake and Elasticsearch.

Automated Defense, Data can be fetched in raw format.

Automated Defense, Fetching from Palo Alto Networks Cortex Data Lake in JSON format.

Automated Defense, Automated Defense supports vulnerability data from the "TechnicalReport" template provided by Qualys. The data can be fetched or uploaded using XML format.

Security Validation, Return events generated security technologies that write events to the SIEM and that match Mandiant Security Validation actions

Automated Defense, Data can be fetched or uploaded using JSON format.