Mandiant Automated Defense

Details
Content
Dependencies
Version History

Mandiant Automated Defense Pack

This pack pulls open investigations created by Mandiant Automated Defense (MAD) into XSOAR. On top of pulling valuable data created by MAD into XSOAR, a user can assign someone to the investigation, change the investigation description, and close an investigation all from the XSOAR UI.

The pack has several commands

mad-get-incident - get a specific investigation, open or closed, from MAD
mad-assign-user - assign a specific user to an investigation
mad-remove-user - remove a specific user from an investigation
mad-close-incident - close a specific investigation

Bi-directional mirroring is supported.

Currently, this pack has no playbooks.

Classifiers

Name	Description
Mandiant Automated Defense Incoming Mapper
Mandiant Automated Defense Classifier

Integrations

Name	Description
Mandiant Automated Defense (Formerly Respond Software) (Partner Contribution)	Use the Mandiant Automated Defense integration to fetch and update incidents from Mandiant Automated Defense. Mandiant Automated Defense fetches open incidents and updates them every minute. Changes made within XSOAR are reflected in Mandiant Automated Defense platform with bi-directional mirroring capabilities enabled.

Incident Types

Name	Description
Mandiant Automated Defense Incident

Incident Fields

Name	Description
MAD Event Count
MAD Signatures
MAD Internal Tenant Id
MAD Status
MAD Asset Criticality
MAD URL
MAD Domains
MAD Description
MAD Malware
MAD Feedback Outcome
MAD Assigned Users
MAD Attack Tactic
MAD Incident Id
MAD File Hashes
MAD Time Generated
MAD First Event Time
MAD Assets
MAD Attack Stage
MAD Escalation Reasons
MAD External Tenant Id
MAD Accounts
MAD Feedback Time Updated
MAD Feedback User Id
MAD Feedback Comments
MAD Last Event Time
MAD Probability
MAD Close URL
MAD External Systems

Layouts

Name	Description
Mandiant Automated Defense

Classifiers

Name	Description
Mandiant Automated Defense Incoming Mapper
Mandiant Automated Defense Classifier

Integrations

Name	Description
Mandiant Automated Defense (Formerly Respond Software) (Partner Contribution)	Use the Mandiant Automated Defense integration to fetch and update incidents from Mandiant Automated Defense. Mandiant Automated Defense fetches open incidents and updates them every minute. Changes made within XSOAR are reflected in Mandiant Automated Defense platform with bi-directional mirroring capabilities enabled.

Incident Types

Name	Description
Mandiant Automated Defense Incident

Incident Fields

Name	Description
MAD Event Count
MAD Signatures
MAD Internal Tenant Id
MAD Status
MAD Asset Criticality
MAD URL
MAD Domains
MAD Description
MAD Malware
MAD Feedback Outcome
MAD Assigned Users
MAD Attack Tactic
MAD Incident Id
MAD File Hashes
MAD Time Generated
MAD First Event Time
MAD Assets
MAD Attack Stage
MAD Escalation Reasons
MAD External Tenant Id
MAD Accounts
MAD Feedback Time Updated
MAD Feedback User Id
MAD Feedback Comments
MAD Last Event Time
MAD Probability
MAD Close URL
MAD External Systems

Pack Name	Pack By
Base	By: Cortex XSOAR

Pack Name	Pack By
Common Types	By: Cortex XSOAR

Pack Name	Pack By
Base	By: Cortex XSOAR

PUBLISHER

Mandiant

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Partner
Created	June 8, 2021
Last Release	September 12, 2023

WORKS WITH THE FOLLOWING INTEGRATIONS:

Mandiant Automated Defense (Formerly Respond Software)

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.

Mandiant Automated Defense

Integrations

Mandiant Automated Defense (Formerly Respond Software)

Integrations

Mandiant Automated Defense (Formerly Respond Software)

Layouts

Integrations

Mandiant Automated Defense (Formerly Respond Software)

Integrations

Mandiant Automated Defense (Formerly Respond Software)

PUBLISHER

PLATFORMS

INFO

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER