To effectively utilize threat intelligence, it's important to have a clear plan for translating that information into actions. This involves defining what actions need to be taken, such as escalation procedures, reporting, and further workflows. Mandiant Advantage can integrate with various systems, such as SIEM or SOC tools. For instance, integration with ServiceNow or similar platforms allows SOC teams to receive actionable alerts and response suggestions. This ensures that relevant teams can act promptly when potential threats are detected, streamlining the response process and enhancing overall security operations.
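The passage above describes the plan in the abstract: decide which intel matches get escalated, which become tickets, and which are only reported. The block below is an added illustration, not code from Mandiant Advantage, ServiceNow or the reviewer. The indicator feed, the key=value log format, the confidence scale and the routing thresholds are all constructed assumptions; the ticket dictionary is a generic shape, not any platform's real schema. The one practitioner detail it adds is that a hit on a connection the firewall already denied should be recorded rather than paged on.

```python
"""Added example: route threat-intel matches to escalation actions.
Not Mandiant Advantage or ServiceNow code; feed, logs, thresholds and
ticket shape are constructed/hypothetical for illustration."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Indicator:
    value: str        # IP address, domain or file hash
    kind: str         # "ip" | "domain" | "sha256"
    confidence: int   # 0-100 (assumed feed scoring scale)
    severity: str     # "low" | "medium" | "high" | "critical"
    source: str       # which feed produced it


# Constructed indicators (documentation/test ranges, not real threat data)
INTEL = [
    Indicator("203.0.113.45", "ip", 95, "critical", "feed-a"),
    Indicator("bad.example.net", "domain", 70, "high", "feed-a"),
    Indicator("198.51.100.7", "ip", 30, "medium", "feed-b"),
]

# Constructed log lines in an assumed key=value format
LOGS = [
    "ts=2024-12-01T10:00:01Z src=10.0.0.5 dst=203.0.113.45 action=allow",
    "ts=2024-12-01T10:00:02Z src=10.0.0.9 dst=192.0.2.10 action=allow",
    "ts=2024-12-01T10:00:03Z src=10.0.0.5 query=bad.example.net action=resolve",
    "ts=2024-12-01T10:00:04Z src=10.0.0.7 dst=198.51.100.7 action=deny",
]


def parse_line(line):
    """Split 'k=v k=v ...' into a dict; tokens without '=' are ignored."""
    return dict(tok.split("=", 1) for tok in line.split() if "=" in tok)


def find_matches(logs, intel):
    """Return (fields, indicator) pairs for every log field that equals an
    indicator value. Fields checked are an assumption about the log schema."""
    by_value = {i.value: i for i in intel}
    matches = []
    for line in logs:
        fields = parse_line(line)
        for key in ("dst", "query", "src", "hash"):
            ind = by_value.get(fields.get(key))
            if ind is not None:
                matches.append((fields, ind))
    return matches


def decide(fields, ind):
    """Map one match to (route, priority). Thresholds are assumed local
    policy, not values defined by any vendor."""
    if fields.get("action") == "deny":
        # A control already blocked it: keep the record, do not page anyone.
        return "report", 4
    if ind.severity == "critical" and ind.confidence >= 90:
        return "page_oncall", 1
    if ind.severity in ("high", "critical") and ind.confidence >= 60:
        return "ticket", 2
    return "report", 4


def route_matches(logs, intel):
    """Produce a generic ticket-like record per match, carrying the evidence
    an analyst needs to act without re-querying the platform."""
    tickets = []
    for fields, ind in find_matches(logs, intel):
        route, priority = decide(fields, ind)
        tickets.append({
            "route": route,
            "priority": priority,
            "short_description": (
                f"{ind.severity.upper()} intel hit: {ind.value} "
                f"({ind.kind}) from {fields.get('src')}"
            ),
            "indicator": ind.value,
            "confidence": ind.confidence,
            "source": ind.source,
            "evidence": " ".join(f"{k}={v}" for k, v in fields.items()),
        })
    return tickets


if __name__ == "__main__":
    for t in route_matches(LOGS, INTEL):
        print(t["route"], t["priority"], t["short_description"])
```

Run as a script it prints one line per match: the allowed connection to the critical indicator pages on-call, the DNS lookup of the high-severity domain opens a ticket, and the denied connection only lands in the report. In a real deployment the three routes would call the SIEM or ticketing integration the reviewer mentions; the routing table is the part worth agreeing on before wiring those up.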
I think that the data query that is used for data cloud language should be improved. It's really hard to query actual data from the platform. The free-text search is also super slow, and sometimes you have to wait for 20 or 30 minutes to get results. Because of this, I have to use a cloud language that is similar to the SQL language, both of which are quite hard to use. I also think that the user experience is a bit damaged and can be improved, since the platform is not as intuitive as it should be.
I don't use the solution very often, and therefore it is hard to say if areas are lacking. They could have better support. Now that they've merged, they are moving towards a portal system, which isn't very helpful. You used to get support via email, which was better.
Find out what your peers are saying about Mandiant, CrowdStrike, Microsoft and others in Extended Detection and Response (XDR). Updated: December 2024.
Extended Detection and Response (XDR) solutions are designed to provide a more comprehensive and unified approach to threat detection, investigation, and response across diverse data sources.