Mandiant ASM
Visualize Mandiant Attack Surface Management assets, monitor external-facing hosts, domains, certificates, and security issues, and track changes through queries and alerts.
- Installation
- Authorization
- Data Model
- Types
- Release Notes
Installation
You will need API credentials from the Mandiant ASM platform. These can be generated by any user under their account settings. See the Mandiant ASM API documentation for more information.
Prerequisites
- Access to the Mandiant ASM platform at
https://asm-api.advantage.mandiant.com - An Intrigue Access Key and Intrigue Secret Key generated from your account settings
- At least one ASM project configured in the platform
Configuration in JupiterOne
To install the Mandiant ASM integration in JupiterOne, navigate to the Integrations tab in JupiterOne and select Mandiant ASM. Click New Instance to begin configuring your integration.
Creating an instance requires the following:
-
The Account Name used to identify the Mandiant ASM account in JupiterOne. Ingested entities will have this value stored in
tag.AccountNamewhen theAccountNametoggle is enabled. -
Description to assist in identifying the integration instance, if desired.
-
Polling Interval that you feel is sufficient for your monitoring needs. You may leave this as
DISABLEDand manually execute the integration. -
Your Mandiant ASM Intrigue Access Key (INTRIGUE_ACCESS_KEY) used to authenticate with the API.
-
Your Mandiant ASM Intrigue Secret Key (INTRIGUE_SECRET_KEY) used to authenticate with the API.
Click Create once all values are provided to finalize the integration.
Next steps
Now that your integration instance has been configured, it will begin running on the polling interval you provided, populating data within JupiterOne. Continue on to our Instance management guide to learn more about working with and editing integration instances.
Entities
The following entities are created:
| Resources | Entity _type | Entity _class |
|---|---|---|
| Account | mandiant_asm_account | Account |
| ApplicationEndpoint | mandiant_asm_application_endpoint | ApplicationEndpoint |
| Certificate | mandiant_asm_certificate | Certificate |
| CodeRepo | mandiant_asm_code_repo | CodeRepo |
| Collection | mandiant_asm_collection | Assessment |
| DataStore | mandiant_asm_data_store | DataStore |
| DnsRecord | mandiant_asm_dns_record | DomainRecord |
| Domain | mandiant_asm_domain | Domain |
| Host | mandiant_asm_host | Host |
| Issue | mandiant_asm_issue | Finding |
| Network | mandiant_asm_network | Network |
| NetworkService | mandiant_asm_network_service | NetworkInterface |
| Project | mandiant_asm_project | Group |
| Resource | mandiant_asm_resource | Resource |
| Technology | mandiant_asm_technology | Application |
Relationships
The following relationships are created:
Source Entity _type | Relationship _class | Target Entity _type |
|---|---|---|
mandiant_asm_account | HAS | mandiant_asm_project |
mandiant_asm_application_endpoint | HAS | mandiant_asm_issue |
mandiant_asm_application_endpoint | USES | mandiant_asm_technology |
mandiant_asm_certificate | HAS | mandiant_asm_issue |
mandiant_asm_code_repo | HAS | mandiant_asm_issue |
mandiant_asm_collection | HAS | mandiant_asm_host |
mandiant_asm_collection | HAS | mandiant_asm_domain |
mandiant_asm_collection | HAS | mandiant_asm_dns_record |
mandiant_asm_collection | HAS | mandiant_asm_network_service |
mandiant_asm_collection | HAS | mandiant_asm_certificate |
mandiant_asm_collection | HAS | mandiant_asm_application_endpoint |
mandiant_asm_collection | HAS | mandiant_asm_network |
mandiant_asm_collection | HAS | mandiant_asm_data_store |
mandiant_asm_collection | HAS | mandiant_asm_code_repo |
mandiant_asm_collection | HAS | mandiant_asm_resource |
mandiant_asm_data_store | HAS | mandiant_asm_issue |
mandiant_asm_dns_record | HAS | mandiant_asm_issue |
mandiant_asm_domain | HAS | mandiant_asm_issue |
mandiant_asm_domain | USES | mandiant_asm_technology |
mandiant_asm_host | HAS | mandiant_asm_issue |
mandiant_asm_host | USES | mandiant_asm_technology |
mandiant_asm_network | HAS | mandiant_asm_issue |
mandiant_asm_network_service | HAS | mandiant_asm_issue |
mandiant_asm_network_service | USES | mandiant_asm_technology |
mandiant_asm_project | HAS | mandiant_asm_collection |
mandiant_asm_resource | HAS | mandiant_asm_issue |
Mapped Relationships
The following mapped relationships are created:
Source Entity _type | Relationship _class | Target Entity _type | Direction |
|---|---|---|---|
mandiant_asm_code_repo | IS | github_repo | FORWARD |
mandiant_asm_data_store | IS | aws_s3_bucket | FORWARD |
mandiant_asm_data_store | IS | azure_storage_account | FORWARD |
mandiant_asm_data_store | IS | google_storage_bucket | FORWARD |
mandiant_asm_host | IS | aws_instance | FORWARD |
mandiant_asm_host | IS | azure_vm | FORWARD |
mandiant_asm_host | IS | google_compute_instance | FORWARD |
mandiant_asm_issue | IS | cve | FORWARD |
Mandiant Asm Account
mandiant_asm_account inherits from Account
| Property | Type | Description | Specifications |
|---|---|---|---|
vendor * | string | The vendor name for the account |
Mandiant Asm Application Endpoint
mandiant_asm_application_endpoint inherits from ApplicationEndpoint
| Property | Type | Description | Specifications |
|---|---|---|---|
address * | string | null | The address of the application endpoint | |
entityType * | string | null | The Mandiant ASM entity type | |
isScoped * | boolean | null | Whether the entity is in scope for scanning |
Mandiant Asm Certificate
mandiant_asm_certificate inherits from Certificate
| Property | Type | Description | Specifications |
|---|---|---|---|
entityType * | string | null | The Mandiant ASM entity type | |
isScoped * | boolean | null | Whether the entity is in scope for scanning |
Mandiant Asm Code Repo
mandiant_asm_code_repo inherits from CodeRepo
| Property | Type | Description | Specifications |
|---|---|---|---|
entityType * | string | null | The Mandiant ASM entity type | |
isScoped * | boolean | null | Whether the entity is in scope for scanning |
Mandiant Asm Collection
mandiant_asm_collection inherits from Assessment
| Property | Type | Description | Specifications |
|---|---|---|---|
category * | string | The workflow category of the collection | |
entityCount * | number | null | The number of entities in the collection | |
internal * | boolean | Whether this is an internal collection | |
summary * | string | A summary description of the collection |
Mandiant Asm Data Store
mandiant_asm_data_store inherits from DataStore
| Property | Type | Description | Specifications |
|---|---|---|---|
classification * | string | null | The data classification level | |
encrypted * | boolean | null | Whether the data store is encrypted | |
entityType * | string | null | The Mandiant ASM entity type | |
isScoped * | boolean | null | Whether the entity is in scope for scanning |
Mandiant Asm Dns Record
mandiant_asm_dns_record inherits from DomainRecord
| Property | Type | Description | Specifications |
|---|---|---|---|
entityType * | string | null | The Mandiant ASM entity type | |
isScoped * | boolean | null | Whether the entity is in scope for scanning | |
TTL * | number | Time-to-live of the DNS record (defaults to 0 when not provided by API) | |
type * | string | The DNS record type (defaults to A when not provided by API) |
Mandiant Asm Domain
mandiant_asm_domain inherits from Domain
| Property | Type | Description | Specifications |
|---|---|---|---|
domainName * | string | The domain name | |
entityType * | string | null | The Mandiant ASM entity type | |
isScoped * | boolean | null | Whether the entity is in scope for scanning |
Mandiant Asm Host
mandiant_asm_host inherits from Host
| Property | Type | Description | Specifications |
|---|---|---|---|
category * | string | null | The Mandiant ASM category of the host | |
deviceId * | array | null | Device identifiers for the host | |
entityType * | string | null | The Mandiant ASM entity type | |
fqdn * | array | null | Fully qualified domain names for the host | |
hostname * | string | null | The hostname of the host | |
ipv4Addresses * | array | null | IPv4 addresses of the host | |
ipv6Addresses * | array | null | IPv6 addresses of the host | |
isScoped * | boolean | null | Whether the entity is in scope for scanning | |
lastSeenOn * | integer | null | Timestamp when the host was last seen | |
macAddresses * | array | null | MAC addresses of the host | |
make * | string | null | The manufacturer of the host | |
model * | string | null | The model of the host | |
osDetails * | string | null | Detailed OS information | |
osName * | string | null | The OS name | |
osType * | string | null | The OS type | |
osVersion * | string | null | The OS version | |
platform * | string | null | The cloud platform (AWS, Azure, GCP) | |
privateIpAddresses * | array | null | Private IP addresses of the host | |
publicIpAddresses * | array | null | Public IP addresses of the host | |
serial * | string | null | The serial number of the host |
Mandiant Asm Issue
mandiant_asm_issue inherits from Finding
| Property | Type | Description | Specifications |
|---|---|---|---|
category * | string | null | The category of the issue | |
entityUid * | string | null | The UID of the parent entity this issue belongs to | |
isConfidence * | string | null | The confidence level of the finding | |
numericSeverity * | number | null | Numeric severity on a 0-10 scale | |
open * | boolean | null | Whether the issue is currently open | |
severity * | string | null | Severity level (critical, high, medium, low, informational) | |
source * | string | null | The collection source of the issue | |
upstream * | string | null | The upstream source of the issue |
Mandiant Asm Network
mandiant_asm_network inherits from Network
| Property | Type | Description | Specifications |
|---|---|---|---|
CIDR * | string | null | The CIDR notation for the network block | |
entityType * | string | null | The Mandiant ASM entity type | |
internal * | boolean | null | Whether this is an internal network | |
isScoped * | boolean | null | Whether the entity is in scope for scanning | |
public * | boolean | null | Whether this is a public network |
Mandiant Asm Network Service
mandiant_asm_network_service inherits from NetworkInterface
| Property | Type | Description | Specifications |
|---|---|---|---|
entityType * | string | null | The Mandiant ASM entity type | |
isScoped * | boolean | null | Whether the entity is in scope for scanning |
Mandiant Asm Project
mandiant_asm_project inherits from Group
| Property | Type | Description | Specifications |
|---|---|---|---|
organizationUuid * | string | null | The UUID of the organization this project belongs to |
Mandiant Asm Resource
mandiant_asm_resource inherits from Resource
| Property | Type | Description | Specifications |
|---|---|---|---|
entityType * | string | null | The Mandiant ASM entity type | |
isScoped * | boolean | null | Whether the entity is in scope for scanning |
Mandiant Asm Technology
mandiant_asm_technology inherits from Application
| Property | Type | Description | Specifications |
|---|---|---|---|
entityUid * | string | null | The UID of the parent entity this technology belongs to |
Release Notes
- 2026-04-09 — New Mandiant ASM integration: ingests projects, collections, assets including hosts, domains, DNS records, network services, certificates, application endpoints, and networks, plus issues and technology inventory.