To provide a more powerful and integrated solution, Mandiant Threat Intelligence and Virustotal feeds are now seamlessly integrated with Trellix Threat Intelligence to more easily enable future threat intelligence improvements and Trellix Wise integrations.
On October 8, 2024, Trellix and Mandiant will change how threat intelligence and the Managed Defense status are displayed in Trellix Helix cases. Moving forward, threat intelligence will be visible in the Trellix Insights panel and enhanced to include the combined, multiple threat intelligence sources.
Trellix Helix will also no longer display Managed Defense status in case details under the “Managed Defense” or “MD” section of the case details (see example screenshot). These details will instead be viewed in the Managed Defense Portal or by using the Managed Defense API.
Action Required
- If you use the Mandiant Threat Intelligence contextual information in Helix, refer to the Trellix Insights information in the same panel.
- If you are not using the Managed Defense Review and Disposition status view in Helix, no action is required.
For customers that use these details, Mandiant recommends using the Managed Defense Portal API to get this information. The Managed Defense Portal API provides a programmatic interface to access your Managed Defense case status and other information. There is a Managed Defense Helix plugin that can be used in playbooks. Managed Defense will soon be releasing a similar Managed Defense API integration for Google Security Operations SOAR.
For more details, see Managed Defense API Documentation.