Mandiant ASM

Integration version: 6.0

Configure Mandiant ASM integration in Google Security Operations SOAR

For detailed instructions on how to configure an integration in Google Security Operations SOAR, see Configure integrations.

Integration configuration parameters

Use the following parameters to configure the integration:

Parameter name Type Default value Is mandatory Description
API Root String https://asm-api.advantage.mandiant.com Yes API root of the Mandiant ASM instance.
Access Key Secret N/A Yes API Access Key of the Mandiant ASM account.
Secret Key Secret N/A Yes API Secret Key of the Mandiant ASM account.
Project Name String N/A Yes Project name that should be used in Mandiant ASM.
Verify SSL Checkbox Checked Yes If enabled, the integration verifies that the SSL certificate for the connection to the Mandiant ASM server is valid.

How to generate Access Key and Secret Key

To generate Access Key and Secret Key complete the following steps:

  1. Go to Account Settings > API Keys.
  2. Click Generate New Key.

Actions

Get ASM Entity Details

Action description

Return information about a Mandiant ASM entity.

Action configuration parameters

Use the following parameters to configure the action:

Parameter name Type Default value Is mandatory Description
Entity ID CSV N/A Yes Specify a comma-separated list of entity IDs for which you want to fetch details.

Run on

This action doesn't run on entities.

Action results

Script result
Script result name Value options Example
is_success True or False is_success:False
JSON result
{
 "uuid": "6464030e-95da-4af5-83a6-cbc307c4f952",
 "dynamic_id": "Intrigue::Entity::Uri#http://3.0.216.73:80",
 "collection_name": "cpndemorange_oum28bu",
 "alias_group": 8515,
 "aliases": [
   "http://3.0.216.73:80"
 ],
 "allow_list": false,
 "ancestors": [
   {
     "type": "Intrigue::Entity::NetBlock",
     "name": "3.0.0.0/16"
   }
 ],
 "category": null,
 "collection_naics": null,
 "confidence": null,
 "deleted": false,
 "deny_list": false,
 "details": {
   "asn": null,
   "ssl": false,
   "uri": "http://3.0.216.73:80",
   "code": "404",
   "port": 80,
   "forms": false,
   "title": "404 Not Found",
   "verbs": null,
   "cookies": null,
   "headers": [
     "Date: Fri, 30 Sep 2022 06:51:11 GMT",
     "Content-Type: text/html",
     "Content-Length: 548",
     "Connection: keep-alive"
   ],
   "host_id": 8615,
   "net_geo": "US",
   "scripts": [],
   "service": "http",
   "auth.2fa": false,
   "auth.any": false,
   "dom_sha1": "540707399c1b58afd2463ec43da3b41444fbde32",
   "net_name": "",
   "protocol": "tcp",
   "alt_names": null,
   "auth.ntlm": false,
   "generator": null,
   "auth.basic": false,
   "auth.forms": false,
   "ip_address": "3.0.216.73",
   "favicon_md5": null,
   "fingerprint": [
     {
       "cpe": "cpe:2.3:a:nginx:nginx::",
       "hide": false,
       "tags": [
         "Web Server"
       ],
       "type": "fingerprint",
       "tasks": null,
       "issues": null,
       "method": "ident",
       "update": null,
       "vendor": "Nginx",
       "product": "Nginx",
       "version": null,
       "inference": false,
       "description": "nginx (default page)",
       "match_logic": "all",
       "positive_matches": [
         {
           "match_type": "content_body",
           "match_content": "(?i-mx:<hr><center>nginx\/?([\\d.]*)<\/center>)"
         }
       ]
     },
     {
       "cpe": "cpe:2.3:a:nginx:nginx::",
       "hide": false,
       "tags": [
         "Web Server"
       ],
       "type": "fingerprint",
       "tasks": null,
       "issues": null,
       "method": "ident",
       "update": null,
       "vendor": "Nginx",
       "product": "Nginx",
       "version": null,
       "inference": false,
       "description": "nginx (default page - could be redirect)",
       "match_logic": "all",
       "positive_matches": [
         {
           "match_type": "content_body",
           "match_content": "(?i-mx:<hr><center>nginx\/?[\\d.]*<\/center>)"
         }
       ]
     }
   ],
   "geolocation": {
     "asn": {
       "asn": 16509,
       "isp": "CPN Technologies Inc.",
       "name": "cpn.com, Inc.",
       "organization": "CPN Data Services Singapore",
       "connection_type": "Corporate"
     },
     "city": "Singapore",
     "postal": "049481",
     "country": "Singapore",
     "latitude": 1.35208,
     "continent": "Asia",
     "longitude": 103.82,
     "time_zone": "Asia/Singapore",
     "country_code": "SG",
     "continent_code": "AS"
   },
   "vuln_checks": [
     "log4shell_cve_2021_44228"
   ],
   "api_endpoint": false,
   "cloud_hosted": true,
   "favicon_sha1": null,
   "domain_cookies": null,
   "log4shell_uuid": "55be320622c4937c01738e092579edaa338fd90e2a",
   "redirect_chain": [],
   "redirect_count": 0,
   "cloud_providers": [
     "Cloud Provider Name"
   ],
   "hidden_original": "http://3.0.216.73:80",
   "net_country_code": null,
   "screenshot_exists": true,
   "cloud_fingerprints": [],
   "response_data_hash": "1GUXIXXTXUk/sWM+I3cAAivYSfoSMWR5CxaLgxissJA=",
   "extended_favicon_data": null,
   "extended_path_to_seed": [
     {
       "id": 8620,
       "_id": 8605,
       "name": "http://3.0.216.73:80",
       "seed": false,
       "type": "Intrigue::Entity::Uri",
       "_type": "Entity",
       "creates": [
         {
           "id": 6158,
           "_id": 6152,
           "name": "3.0.0.0/16",
           "seed": true,
           "type": "Intrigue::Entity::NetBlock",
           "_type": "Entity",
           "creates.verb": "queried",
           "creates.source_name": "search_shodan",
           "creates.source_type": "internet_scan_database"
         }
       ]
     }
   ],
   "extended_configuration": [
     {
       "hide": false,
       "name": "MurmurHash Page Content",
       "task": null,
       "type": "content",
       "issue": null,
       "result": 566218143
     },
     {
       "hide": false,
       "name": "MurmurHash Favicon",
       "task": null,
       "type": "content",
       "issue": null,
       "result": 566218143
     },
     {
       "cpe": "cpe:2.3:a:nginx:nginx::",
       "hide": false,
       "tags": [
         "Web Server"
       ],
       "type": "fingerprint",
       "tasks": null,
       "issues": null,
       "method": "ident",
       "update": null,
       "vendor": "Nginx",
       "product": "Nginx",
       "version": null,
       "inference": false,
       "description": "nginx (default page)",
       "match_logic": "all",
       "positive_matches": [
         {
           "match_type": "content_body",
           "match_content": "(?i-mx:<hr><center>nginx\/?([\\d.]*)<\/center>)"
         }
       ]
     },
     {
       "cpe": "cpe:2.3:a:nginx:nginx::",
       "hide": false,
       "tags": [
         "Web Server"
       ],
       "type": "fingerprint",
       "tasks": null,
       "issues": null,
       "method": "ident",
       "update": null,
       "vendor": "Nginx",
       "product": "Nginx",
       "version": null,
       "inference": false,
       "description": "nginx (default page - could be redirect)",
       "match_logic": "all",
       "positive_matches": [
         {
           "match_type": "content_body",
           "match_content": "(?i-mx:<hr><center>nginx\/?[\\d.]*<\/center>)"
         }
       ]
     }
   ],
   "extended_response_body": "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx</center>\r\n</body>\r\n</html>\r\n<!-- a padding to disable MSIE and Chrome friendly error page -->\r\n<!-- a padding to disable MSIE and Chrome friendly error page -->\r\n<!-- a padding to disable MSIE and Chrome friendly error page -->\r\n<!-- a padding to disable MSIE and Chrome friendly error page -->\r\n<!-- a padding to disable MSIE and Chrome friendly error page -->\r\n<!-- a padding to disable MSIE and Chrome friendly error page -->\r\n",
   "exfil_lookup_identifier": "55be320622c4937c01738e092579edaa",
   "extended_shodan_details": {
     "ip": 50387017,
     "os": null,
     "asn": "AS16509",
     "isp": "cpn.com, Inc.",
     "org": "CPN Data Services Singapore",
     "data": "HTTP/1.1 404 Not Found\r\nDate: Fri, 30 Sep 2022 05:16:32 GMT\r\nContent-Type: text/html\r\nContent-Length: 548\r\nConnection: keep-alive\r\n\r\n",
     "hash": -744989972,
     "http": {
       "host": "3.0.216.73",
       "html": "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx</center>\r\n</body>\r\n</html>\r\n<!-- a padding to disable MSIE and Chrome friendly error page -->\r\n<!-- a padding to disable MSIE and Chrome friendly error page -->\r\n<!-- a padding to disable MSIE and Chrome friendly error page -->\r\n<!-- a padding to disable MSIE and Chrome friendly error page -->\r\n<!-- a padding to disable MSIE and Chrome friendly error page -->\r\n<!-- a padding to disable MSIE and Chrome friendly error page -->\r\n",
       "title": "404 Not Found",
       "robots": null,
       "server": null,
       "status": 404,
       "sitemap": null,
       "location": "/",
       "html_hash": -2090962452,
       "redirects": [],
       "components": {},
       "robots_hash": null,
       "securitytxt": null,
       "headers_hash": -873436690,
       "sitemap_hash": null,
       "securitytxt_hash": null
     },
     "tags": [
       "cloud"
     ],
     "cloud": {
       "region": "ap-southeast-1",
       "service": "CPN",
       "provider": "CPN"
     },
     "ip_str": "3.0.216.73",
     "_shodan": {
       "id": "45e7d5d8-9991-4728-bd87-cddb77cdd6e2",
       "ptr": true,
       "module": "http",
       "region": "eu",
       "crawler": "f4bb88763d8ed3a0f3f91439c2c62b77fb9e06f3",
       "options": {}
     },
     "domains": [
       "cpn.com"
     ],
     "location": {
       "city": "Singapore",
       "latitude": 1.28967,
       "area_code": null,
       "longitude": 103.85007,
       "region_code": "01",
       "country_code": "SG",
       "country_name": "Singapore"
     },
     "hostnames": [
       "ec2-3-0-216-73.ap-southeast-1.compute.cpn.com"
     ],
     "timestamp": "2022-09-30T05:16:33.068993"
   },
   "hidden_port_open_confirmed": true,
   "extended_screenshot_contents": "iVBORw0KGgoAAA"
 },
 "details_file": "data/v4/cpndemorange_oum28bu/2022_09_30/cpndemorange_oum28bu/entities/966934ca1d7a49b4a1b9b61cc0d9b2926123c379.json",
 "description": null,
 "first_seen": "2022-09-30T21:20:19.000Z",
 "hidden": false,
 "last_seen": "2022-09-30T21:20:19.000Z",
 "name": "http://3.0.216.73:80",
 "scoped": true,
 "scoped_reason": "entity_scoping_rules: fallback value",
 "seed": false,
 "source": null,
 "status": null,
 "task_results": [],
 "type": "Intrigue::Entity::Uri",
 "uid": "9bae9d6f931c5405ad95f0a51954cf8f7193664f0808aadc41c8b25e08eb9bc3",
 "created_at": "2022-09-30T21:25:05.232Z",
 "updated_at": "2022-09-30T21:25:05.239Z",
 "collection_id": 117139,
 "elasticsearch_mappings_hash": null,
 "collection": "cpndemorange_oum28bu",
 "collection_uuid": "511311a6-6ff4-4933-8f5b-f1f7df2f6a3e",
 "organization_uuid": "21d2d125-d398-4bcb-bae1-11aee14adcaf",
 "collection_type": "user_collection",
 "fingerprint": [
   {
     "cpe": "cpe:2.3:a:nginx:nginx::",
     "hide": false,
     "tags": [
       "Web Server"
     ],
     "type": "fingerprint",
     "tasks": null,
     "issues": null,
     "method": "ident",
     "update": null,
     "vendor": "Nginx",
     "product": "Nginx",
     "version": null,
     "inference": false,
     "description": "nginx (default page)",
     "match_logic": "all",
     "positive_matches": [
       {
         "match_type": "content_body",
         "match_content": "(?i-mx:<hr><center>nginx\/?([\\d.]*)<\/center>)"
       }
     ],
     "local_icon_path": "/assets/fingerprints/nginx.png"
   },
   {
     "cpe": "cpe:2.3:a:nginx:nginx::",
     "hide": false,
     "tags": [
       "Web Server"
     ],
     "type": "fingerprint",
     "tasks": null,
     "issues": null,
     "method": "ident",
     "update": null,
     "vendor": "Nginx",
     "product": "Nginx",
     "version": null,
     "inference": false,
     "description": "nginx (default page - could be redirect)",
     "match_logic": "all",
     "positive_matches": [
       {
         "match_type": "content_body",
         "match_content": "(?i-mx:<hr><center>nginx\/?[\\d.]*<\/center>)"
       }
     ],
     "local_icon_path": "/assets/fingerprints/nginx.png"
   }
 ],
 "summary": {
   "scoped": true,
   "issues": {
     "current_with_cve": 0,
     "current_by_severity": {
       "1": 1
     },
     "all_time_by_severity": {
       "1": 1
     },
     "current_count": 1,
     "all_time_count": 1,
     "critical_or_high": true
   },
   "task_results": [
     "search_shodan",
     "port_scan",
     "port_scan_lambda",
     "search_shodan"
   ],
   "screenshot_exists": true,
   "geolocation": {
     "city": "Singapore",
     "country_code": "SG",
     "country_name": null,
     "latitude": 1.35208,
     "longitude": 103.82,
     "asn": null
   },
   "http": {
     "code": 404,
     "title": "404 Not Found",
     "content": {
       "favicon_hash": null,
       "hash": null,
       "forms": false
     },
     "auth": {
       "any": false,
       "basic": false,
       "ntlm": false,
       "forms": false,
       "2fa": false
     }
   },
   "ports": {
     "tcp": [
       80
     ],
     "udp": [],
     "count": 1
   },
   "network": {
     "name": "cpn.com, Inc.",
     "asn": 16509,
     "route": null,
     "type": null
   },
   "technology": {
     "cloud": true,
     "cloud_providers": [
       "Cloud Provider Name"
     ],
     "cpes": [],
     "technologies": [],
     "technology_labels": []
   },
   "vulns": {
     "current_count": 0,
     "vulns": []
   }
 },
 "tags": [],
 "id": 8620,
 "scoped_at": "2022-09-30 06:51:57 +0000",
 "detail_string": "Fingerprint: Nginx |  Title: 404 Not Found",
 "enrichment_tasks": [
   "enrich/uri",
   "sslcan"
 ],
 "generated_at": "2022-09-30T21:21:18Z"
}

Case wall
Result type Description Type
Output message* The action should not fail nor stop a playbook execution:

If data is available for one entity (is_success=true): "Successfully return details for the following entities using information from Mandiant ASM: {entity id}".

If data is not available for one entity (is_success=true): "Action wasn't able to return details for the following entities using information from Mandiant ASM: {entity id}"

The action should fail and stop a playbook execution:

If a fatal error, like wrong credentials or no connection to the server is reported: "Error executing action "Get ASM Entity Details". Reason: {0}''.format(error.Stacktrace)

If data is not available for all (is_success=false): "Error executing action "Get ASM Entity Details". Reason: None of the provided entities were valid or found in Mandiant ASM."

General

Search ASM Entities

Action description

Search entities in Mandiant ASM.

Action configuration parameters

Use the following parameters to configure the action:

Parameter name Type Default value Is mandatory Description
Entity Name CSV N/A No Specify a comma-separated list of entity names for which you want to find entities.
Minimum Vulnerabilities Count Integer N/A No Specify the number of vulnerabilities that should be related to the entity for it to be returned.
Minimum Issues Count Integer N/A No Specify the number of issues that should be related to the entity for it to be returned.
Tags CSV N/A No Specify a comma-separated list of tag names, which should be used, when searching for the entities.
Max Entities To Return Integer 50 No Specify the number of entities to return. Default: 50. Maximum is 200.
Critical or High Issue Checkbox Unchecked No Specify whether to include only entities with High or Critical Issues.

Run on

This action doesn't run on entities.

Action results

Script result
Script result name Value options Example
is_success True or False is_success:False
JSON result
{
 "id": "143c8c3486672246603f0b5c1fd6cb055d3b57b6be975e40a79b16f0d12a1b5d",
 "dynamic_id": "Intrigue::Entity::IpAddress#3.101.124.92",
 "alias_group": "1935953",
 "name": "3.101.124.92",
 "type": "Intrigue::Entity::IpAddress",
 "first_seen": "2022-02-02T01:44:46Z",
 "last_seen": "2022-02-02T01:44:46Z",
 "collection": "cpndemorange_oum28bu",
 "collection_type": "Intrigue::Collections::UserCollection",
 "collection_naics": [],
 "collection_uuid": "511311a6-6ff4-4933-8f5b-f1f7df2f6a3e",
 "organization_uuid": "21d2d125-d398-4bcb-bae1-11aee14adcaf",
 "tags": [],
 "issues": [],
 "exfil_lookup_identifier": null,
 "summary": {
     "scoped": true,
     "issues": {
         "current_by_severity": {},
         "current_with_cve": 0,
         "all_time_by_severity": {},
         "current_count": 0,
         "all_time_count": 0,
         "critical_or_high": false
     },
     "task_results": [
         "search_shodan"
     ],
     "geolocation": {
         "city": "San Jose",
         "country_code": "US",
         "country_name": null,
         "latitude": "-121.8896",
         "asn": null
     },
     "ports": {
         "count": 0,
         "tcp": null,
         "udp": null
     },
     "resolutions": [
         "ec2-3-101-124-92.us-west-1.compute.cpn.com"
     ],
     "network": {
         "name": "CPN-02",
         "asn": "16509.0",
         "route": "::ffff:3.101.0.0/112",
         "type": null
     },
     "technology": {
         "cloud": true,
         "cloud_providers": [
             "Cloud Provider Name"
         ]
     }
 }
}
Case wall
Result type Description Type
Output message*

The action should not fail nor stop a playbook execution:

If found at least one entity (is_success=true): "Successfully returned entities based on the provided criteria in Mandiant ASM.

If nothing was found (is_success=true): "No entities were found based on the provided criteria in Mandiant ASM"

The action should fail and stop a playbook execution:

If a fatal error, like wrong credentials or no connection to the server is reported: "Error executing action "Search Entities". Reason: {0}''.format(error.Stacktrace)"

General

Search Issues

Action description

Search issues in Mandiant ASM.

Action configuration parameters

Use the following parameters to configure the action:

Parameter name Type Default value Is mandatory Description
Issue ID CSV N/A No Specify a comma-separated list of issue IDs, which you want to return details.
Entity ID CSV N/A No Specify a comma-separated list of entity IDs for which you want to find related issues.
Entity Name CSV N/A No Specify a comma-separated list of entity names for which you want to find related issues.
Time Parameter DDL

First Seen

Possible Values:

  • First Seen
  • Last Seen
No Specify the parameter that should be used for filtering time.
Time Frame DDL

Last Hour

Possible Values:

  • Last Hour
  • Last 6 Hours
  • Last 24 Hours
  • Last Week
  • Last Month
  • Custom
No Specify a time frame for the issues. If Custom is selected, you also need to set the Start Time parameter.
Start Time String N/A No Specify the start time for the results. This parameter is mandatory, if Custom is selected for the Time Frame parameter. Format: ISO 8601
End Time String N/A No Specify the end time for the results. Format: ISO 8601. If nothing is provided and Custom is selected for the Time Frame parameter then this parameter uses current time.
Lowest Severity To Return DDL

Select One

Possible Values:

  • Select One
  • Critical
  • High
  • Medium
  • Low
  • Informational
No Specify the lowest severity that should be used to return the issues. If Select One is selected, this filter is not applied during the search.
Status DDL

Select One

Possible Filter

  • Open
  • Closed
No Specify the status filter for the search. If Select One is selected, this filter is not applied during the search.
Tags CSV N/A No Specify a comma-separated list of tag names, which should be used, when searching for the issues.
Max Issues To Return Integer 50 No Specify the number of issues to return. Default: 50. Maximum is 200.

Run on

This action doesn't run on entities.

Action results

Script result
Script result name Value options Example
is_success True or False is_success:False
JSON result
{
 "id": "f6314cefb5d667db98ea47d9de8acee4bd760060397968f5feef327979280ff9",
 "uuid": "5d3ea255-ad37-48f1-ada5-7905e11e5da0",
 "dynamic_id": 20073997,
 "name": "exposed_ftp_service",
 "upstream": "intrigue",
 "last_seen": "2022-02-02T01:44:46.000Z",
 "first_seen": "2022-02-02T01:44:46.000Z",
 "entity_uid": "3443a638f951bdc23d3a089bff738cd961a387958c7f5e4975a26f12e544241f",
 "entity_type": "Intrigue::Entity::NetworkService",
 "entity_name": "3.101.144.204:21/tcp",
 "alias_group": "1937534",
 "collection": "cpndemorange_oum28bu",
 "collection_uuid": "511311a6-6ff4-4933-8f5b-f1f7df2f6a3e",
 "collection_type": "user_collection",
 "organization_uuid": "21d2d125-d398-4bcb-bae1-11aee14adcaf",
 "summary": {
     "pretty_name": "Exposed FTP Service",
     "severity": 3,
     "scoped": true,
     "confidence": "confirmed",
     "status": "open_new",
     "category": "misconfiguration",
     "identifiers": null,
     "status_new": "open",
     "status_new_detailed": "new",
     "ticket_list": null
 },
 "tags": []
}
Case wall
Result type Description Type
Output message*

The action should not fail nor stop a playbook execution:

If found at least one (is_success = true): "Successfully returned issues based on the provided criteria in Mandiant ASM.

If nothing was found (is_success=true): "No issues were found based on the provided criteria in Mandiant ASM"

The action should fail and stop a playbook execution:

If a fatal error, like wrong credentials or no connection to the server is reported: "Error executing action "Search Issues". Reason: {0}''.format(error.Stacktrace)"

General

Update Issue

Action description

Update an issue in Mandiant ASM.

Action configuration parameters

Use the following parameters to configure the action:

Parameter name Type Default value Is mandatory Description
Issue ID String N/A Yes Specify the ID of the issue that needs to be updated.
Status DDL

Select One

Possible:

  • Select One
  • New
  • Triaged
  • In Progress
  • Resolved
  • Duplicate
  • Out Of Scope
  • Not A Security Issue (Benign)
  • Risk Accepted
  • False Positive
  • Unable To Reproduce
  • Tracked Externally
  • Mitigated
N/A Yes Specify what status to set for the issues.

Run on

This action doesn't run on entities.

Action results

Script result
Script result name Value options Example
is_success True or False is_success:False
JSON result

Case wall
Result type Description Type
Output message* The action should not fail nor stop a playbook execution:

If the 200 status code is reported (is_success=true):"Successfully updated issue with ID "{id}" in Mandiant ASM."

The action should fail and stop a playbook execution:

If a fatal error, like wrong credentials or no connection to the serveris reported: "Error executing action "Update Workbench Alert". Reason: {0}''.format(error.Stacktrace)

If success=false in the response:"Error executing action "Update Issue". Reason: {message}."

General

Connectors

Mandiant ASM - Issues Connector

Connector description

Pull information about issues from Mandiant ASM.

Connector configuration parameters

Use the following parameters to configure the connector:

Parameter name Type Default value Is mandatory Description
Product Field Name String Product Name Yes Enter the source field name in order to retrieve the Product Field name.
Event Field Name String entity_type Yes Enter the source field name in order to retrieve the Event Field name.
Environment Field Name String "" No

Describes the name of the field where the environment name is stored.

If the environment field isn't found, the environment is the default environment.

Environment Regex Pattern String .* No

A regex pattern to run on the value found in the Environment Field Name field.

Default is .* to catch all and return the value unchanged.

Used to allow the user to manipulate the environment field via regex logic.

If the regex pattern is null or empty, or the environment value is null, the final environment result is the default environment.

Script Timeout (Seconds) Integer 180 Yes Timeout limit for the python process running the current script.
API Root String https://asm-api.advantage.mandiant.com Yes API root of the Mandiant ASM instance.
Access Key Secret N/A Yes API Access Key of the Mandiant ASM account.
Secret Key Secret N/A Yes API Secret Key of the Mandiant ASM account.
Project Name String N/A Yes Project name that should be used in Mandiant ASM.
Lowest Severity To Fetch String N/A No The lowest severity that needs to be used to fetch issues. Possible values: Informational, Low, Medium, High, Critical. If nothing is specified, the connector ingests issues with all types of severity.
Max Hours Backwards Integer 1 No Specify the number of hours from where to fetch issues.
Max Issues To Fetch Integer 10 No Specify the number of issues to process per one connector iteration. Default: 10.
Use dynamic list as a blocklist Checkbox Unchecked Yes If enabled, dynamic list is used as a blocklist.
Verify SSL Checkbox Checked Yes If enabled, the integration verifies that the SSL certificate for the connection to the Mandiant ASM server is valid.
Proxy Server Address String N/A No The address of the proxy server to use.
Proxy Username String N/A No The proxy username to authenticate with.
Proxy Password Password N/A No The proxy password to authenticate with.