Mandiant Automated Defense

Details
Content
Dependencies
Version History

Mandiant Automated Defense Pack

This pack pulls open investigations created by Mandiant Automated Defense (MAD) into XSOAR. On top of pulling valuable data created by MAD into XSOAR, a user can assign someone to the investigation, change the investigation description, and close an investigation all from the XSOAR UI.

The pack has several commands

mad-get-incident - get a specific investigation, open or closed, from MAD
mad-assign-user - assign a specific user to an investigation
mad-remove-user - remove a specific user from an investigation
mad-close-incident - close a specific investigation

Bi-directional mirroring is supported.

Currently, this pack has no playbooks.

Incident Types

Name	Description
Mandiant Automated Defense Incident

Integrations

Name	Description
Mandiant Automated Defense (Formerly Respond Software) (Partner Contribution)	Use the Mandiant Automated Defense integration to fetch and update incidents from Mandiant Automated Defense. Mandiant Automated Defense fetches open incidents and updates them every minute. Changes made within XSOAR are reflected in Mandiant Automated Defense platform with bi-directional mirroring capabilities enabled.

Layouts

Name	Description
Mandiant Automated Defense

Classifiers

Name	Description
Mandiant Automated Defense Classifier
Mandiant Automated Defense Incoming Mapper

Incident Fields

Name	Description
MAD Incident Id
MAD Assigned Users
MAD Domains
MAD External Tenant Id
MAD Feedback Comments
MAD Description
MAD Attack Tactic
MAD Escalation Reasons
MAD Attack Stage
MAD Feedback Outcome
MAD Event Count
MAD Accounts
MAD Malware
MAD Internal Tenant Id
MAD Feedback Time Updated
MAD Assets
MAD Signatures
MAD Time Generated
MAD URL
MAD External Systems
MAD Close URL
MAD First Event Time
MAD Probability
MAD Asset Criticality
MAD Last Event Time
MAD File Hashes
MAD Status
MAD Feedback User Id

Incident Types

Name	Description
Mandiant Automated Defense Incident

Integrations

Name	Description
Mandiant Automated Defense (Formerly Respond Software) (Partner Contribution)	Use the Mandiant Automated Defense integration to fetch and update incidents from Mandiant Automated Defense. Mandiant Automated Defense fetches open incidents and updates them every minute. Changes made within XSOAR are reflected in Mandiant Automated Defense platform with bi-directional mirroring capabilities enabled.

Classifiers

Name	Description
Mandiant Automated Defense Classifier
Mandiant Automated Defense Incoming Mapper

Incident Fields

Name	Description
MAD Incident Id
MAD Assigned Users
MAD Domains
MAD External Tenant Id
MAD Feedback Comments
MAD Description
MAD Attack Tactic
MAD Escalation Reasons
MAD Attack Stage
MAD Feedback Outcome
MAD Event Count
MAD Accounts
MAD Malware
MAD Internal Tenant Id
MAD Feedback Time Updated
MAD Assets
MAD Signatures
MAD Time Generated
MAD URL
MAD External Systems
MAD Close URL
MAD First Event Time
MAD Probability
MAD Asset Criticality
MAD Last Event Time
MAD File Hashes
MAD Status
MAD Feedback User Id

Pack Name	Pack By
Base	By: Cortex XSOAR

Pack Name	Pack By
Common Types	By: Cortex XSOAR

PUBLISHER

Mandiant

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Partner
Created	June 8, 2021
Last Release	June 5, 2023

WORKS WITH THE FOLLOWING INTEGRATIONS:

Mandiant Automated Defense (Formerly Respond Software)

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.

Mandiant Automated Defense

Integrations

Mandiant Automated Defense (Formerly Respond Software)

Layouts

Integrations

Mandiant Automated Defense (Formerly Respond Software)

Integrations

Mandiant Automated Defense (Formerly Respond Software)

Integrations

Mandiant Automated Defense (Formerly Respond Software)

PUBLISHER

PLATFORMS

INFO

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER