Skip to main content Link Search Menu Expand Document (external link)
DocIntel Docs

Mandiant Module

The Mandiant module enables you to synchronize your DocIntel instance with your Mandiant Threat Intelligence Feed. All the reports with their associated tags and structured data will be imported for you to use.

Please note that this module is not part of the open-source version and is installed as an external module. If you are interested in this module, please contact antoine@docintel.org.

Installation

To install the module, follow these steps:

  1. Copy the received public key to $DOCINTEL_DATA/modules/public.pem.
  2. Download the archive and extract its contents.
  3. Copy the contents of the archive to $DOCINTEL_DATA/modules/mandiant.
  4. Copy the licence file to $DOCINTEL_DATA/modules/mandiant/licence.txt.
  5. Restart the application.
  6. Go to Ingestion > Collectors
  7. Click Install
  8. Select mandiant.threat-intel-reports in the collector dropdown. Refer to Collector for more information about how to configure a collector.
  9. Click Install
  10. Enter your API key and secret.
  11. Click save