Mandiant Digital Threat Monitoring
App Vendor: Google
App Category: Data Enrichment and Threat Intelligence
Connector Version: 1.0.0
API Version: v1
About App
The Mandiant Digital Threat Monitoring app provides security teams with visibility across the open, deep, and dark web. It helps manage and track monitoring instances, enabling targeted threat detection and timely response.
The Mandiant Digital Threat Monitoring app is configured with Cyware Orchestrate to perform the following actions:
Action Name | Description |
---|---|
Get Monitor by ID | This action retrieves a monitor by the specified ID. |
List Alerts | This action lists the alerts for the current organization. |
List Alerts by ID | This action retrieves the details of an alert by the specified ID. |
List Monitors | This action lists all monitors belonging to the current organization. |
List Verified Domains | This action lists all the verified domains. |
Update Alert Fields | This action updates the fields of an alert. |
Generic Action | This is a generic action used to make requests to any Mandiant Digital Threat Monitoring endpoint. |
Configuration Parameters
The following configuration parameters are required for the Mandiant Digital Threat Monitoring app to communicate with the Mandiant Digital Threat Monitoring enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
API Key | Enter the API key to authenticate with Mandiant Digital Threat Monitoring. | Password | Required | |
Secret Key | Enter the API secret to authenticate with Mandiant Digital Threat Monitoring. | Password | Required | |
Version | Enter the API version. | Text | Optional | Default value: v4 |
Verify | Choose whether to verify the SSL/TLS certificate while making requests. It is recommended to set this option to Yes. Selecting No disables certificate verification, so the connection may be established with an endpoint whose identity has not been validated. | Boolean | Optional | Default value: Yes |
Timeout | Enter the timeout value in seconds. This is the number of seconds that requests will wait to establish a connection with Mandiant Digital Threat Monitoring. | Integer | Optional | Allowed range: 15-120 Default value: 15 |
Action: Get Monitor by ID
This action retrieves the details of a monitor by the specified ID.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Monitor ID | Enter the monitor ID. Example: cpff0h909pb785734qjg | Text | Required | You can retrieve this using the action List Monitors. |
Example Request
[ { "monitor_id": "cpff0h909pb785734qjg" } ]
Action: List Alerts
This action lists the alerts for the current organization.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Sort | Enter the field name to sort the response. Example: sort=updated_at | Text | Optional | Allowed values: id, created_at, updated_at, monitor_id Default value: created_at |
Order | Enter the order to sort the response. Example: order=asc | Text | Optional | Allowed values are asc and desc. Default value: desc |
Size | Enter the number of alerts to retrieve on each page. Example: size=20 | Integer | Optional | Maximum value: 100 Default value: 10 |
Monitor ID | Enter one or more monitor IDs to retrieve the alerts for the specified IDs. Example: monitor_id=c4fcpm2bqsiatib6i4h0 | Text | Optional | You can retrieve this using the action List Monitors. |
Reference | Enter true to include false, doc, labels, and topics in the response. | Boolean | Optional | Default value: true |
Alert Type | Enter one or more types of alerts to filter the response. | Text | Optional | Allowed values: Compromised Credentials, Domain Discovery, Forum Post, Message, Paste, Shop Listing, Tweet, Web Content |
Additional Data | Enter any additional data to pass to the API. | Key Value | Optional | |
Example Request
[ { "order":"asc", "size":20, "monitor_id":"c4fcpm2bqsiatib6i4h0" } ]
Action: List Alerts by ID
This action retrieves the details of an alert by the specified ID.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Alert ID | Enter the alert ID. Example: cpjar8055ojteuldb8ng | Text | Required | You can retrieve this using the action List Alerts. |
Truncate | Enter the length to truncate the document fields to. Truncated text is marked with a Unicode ellipsis (U+2026). | Integer | Optional | |
Reference | Enter true to include triggering doc, topics, and labels of the alert in the response. | Boolean | Optional | |
Sanitize | Enter true to sanitize any HTML content in the alert, ensuring it does not contain potentially malicious tags. | Boolean | Optional | |
Example Request
[ { "alert_id": "cpjar8055ojteuldb8ng" } ]
Action: List Monitors
This action lists all monitors belonging to the current organization.
Action Input Parameters
No input parameters are required for this action.
Action: List Verified Domains
This action lists all the verified domains.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Sort | Enter the field values to sort the response by. Example: sort=updated_at | Text | Optional | Allowed values: id, domain, status, created_at, updated_at Default value: created_at |
Order | Enter the order to sort the response by. Example: order=asc | Text | Optional | Allowed values are asc and desc. Default value: desc |
Size | Enter the number of verified domains to retrieve on each page. Example: size=20 | Integer | Optional | Default value: 10 |
Since | Enter the start date in RFC 3339 format to retrieve the verified domains after the specified date. | Text | Optional | |
Page | Enter the unique page ID to fetch subsequent pages for pagination. | Text | Optional | This parameter cannot be combined with other query parameters. |
Until | Enter the end date in RFC 3339 format to retrieve the verified domains until the specified date. | Text | Optional | |
Example Request
[ { "sort":"updated_at", "order":"asc", "size":20 } ]
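The constraints in the List Verified Domains table can be checked before the action runs, so that a malformed playbook input fails early instead of at the API. The following is an added example, not code from Cyware or Mandiant. It assumes the input keys `since`, `until`, and `page` follow the same lowercase naming as `sort`, `order`, and `size` in the example request, and the function names are hypothetical.

```python
from datetime import datetime

# Constraints copied from the List Verified Domains parameter table.
ALLOWED_SORT = {"id", "domain", "status", "created_at", "updated_at"}
ALLOWED_ORDER = {"asc", "desc"}
# Assumption: since/until/page are the lowercase keys for Since/Until/Page.
KNOWN_KEYS = {"sort", "order", "size", "since", "until", "page"}


def _check_rfc3339(name, value):
    """Reject values that are not a full date-time with an explicit offset."""
    try:
        # fromisoformat() before Python 3.11 does not accept a trailing "Z".
        parsed = datetime.fromisoformat(value.replace("Z", "+00:00"))
    except (AttributeError, ValueError):
        raise ValueError(f"{name} must be an RFC 3339 timestamp: {value!r}")
    if parsed.tzinfo is None or "T" not in value.upper():
        raise ValueError(f"{name} needs a full date-time with offset: {value!r}")
    return parsed


def build_verified_domains_input(**params):
    """Return the action input list, or raise ValueError on a bad parameter."""
    unknown = set(params) - KNOWN_KEYS
    if unknown:
        raise ValueError(f"unknown parameters: {sorted(unknown)}")
    # Page cannot be combined with any other query parameter.
    if "page" in params:
        if len(params) > 1:
            raise ValueError("page cannot be combined with other parameters")
        return [{"page": params["page"]}]
    if params.get("sort", "created_at") not in ALLOWED_SORT:
        raise ValueError(f"sort must be one of {sorted(ALLOWED_SORT)}")
    if params.get("order", "desc") not in ALLOWED_ORDER:
        raise ValueError("order must be asc or desc")
    size = params.get("size", 10)
    if isinstance(size, bool) or not isinstance(size, int) or size < 1:
        raise ValueError("size must be a positive integer")
    since = _check_rfc3339("since", params["since"]) if "since" in params else None
    until = _check_rfc3339("until", params["until"]) if "until" in params else None
    if since and until and since > until:
        raise ValueError("since must not be later than until")
    return [dict(params)]
```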
Action: Update Alert Fields
This action updates the fields of an alert.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Alert ID | Enter the alert ID. Example: c4huif0mhcmiku5g7jsg | Text | Required | You can retrieve this using the action List Alerts. |
Status | Enter the status of the alert to be updated. | Text | Optional | Allowed values: new, read, closed, escalated, in_progress, no_action_required, duplicate, not_relevant, tracked_external |
Tags | Enter the tags to update the alert. | List | Optional | |
Example Request
[ { "tags": [ "Sampletag1", "Sampletag2" ], "status": "closed", "alert_id": "cpjar8055ojteuldb8ng" } ]
Action: Generic Action
This is a generic action used to make requests to any Mandiant Digital Threat Monitoring endpoint.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Method | Enter the HTTP method to make the request. | Text | Required | Allowed values: GET, POST, PUT, PATCH, DELETE |
Endpoint | Enter the endpoint to make the request. Example: /alerts/{id} | Text | Required | |
Query Params | Enter the query parameters to pass to the API. | Key Value | Optional | |
Payload | Enter the payload to pass to the API. | JSON | Optional | |
Extra Fields | Enter the extra fields to pass to the API. | Key Value | Optional | |
Example Request
[ { "method": "GET", "endpoint": "/alerts/{id}", "extra_fields": {} } ]