How to Check If Mandiant Threat Intelligence is Working in Google Chronicle for IOC Matches

Hi everyone,

We’ve noticed that for the past week, we haven’t seen any alerts or results related to Mandiant Threat Intelligence in Google Chronicle, particularly in terms of IOC matches.

Could anyone share how we can check if the Mandiant feed is working correctly or if it’s integrated properly? (We've checked and seen that the credentials we've provided are working, but we haven't been getting any successful results for the past week.) We’re specifically looking for any IOC matches that should be triggering alerts or logs.

Is there a way for us to verify or troubleshoot this on our own within Chronicle, such as running specific queries or reviewing any logs to ensure the integration is active and functioning as expected?

Appreciate any help or guidance on this!

Thanks in advance!

Thanks,

Dnyaneshwar

Solved

Is this relating to automated enrichment in SIEM, or playbook enrichment in SOAR?

Hello,

This is related to SIEM, specifically the 'Alerts and IOC Matches' section under the detection options. In the past, we have seen numerous matches with IOCs and alerts. However, in the past few days, we haven't seen any results. We compared the older results with the new logs and found that a few still match the conditions—based on Mandiant's analysis, these are part of the IOCs. Yet, we are not seeing any IOC match alerts in the portal. That’s why we have some doubts about whether there might be an issue with the IOC matching in the Google SecOps tool, especially with the Mandiant integration.

Thanks,

Dnyaneshwar

[Attachment: SS_IOC Check mandiant.png (screenshot of the IOC match check)]