# Release History
# 3.4.1, 3.3.3
Release date: 31 Oct 2024
**Fixes:**
- Fixes problems with concurrent writing in the stash.
## Versions: 3.2.5, 3.3.2, 3.4.1
## Release date: 28 August 2024
**Added:**
- Mandiant Threat Intelligence Feed v4 (Report Feed) now adds hashes that are ingested as Indicators also as Observables within the Report entity.
## Versions: 3.2.4, 3.3.1, 3.4.0
## Release date: 23 July 2024
**Changed:**
- Mandiant Threat Intelligence Feed v4 (Report Feed) now uses 'networks' field to create indicators related to the report.
## Version(s): 3.1.6, 3.2.3, 2.14.6
## Release date: 21 Feb 2024
**Fixed:**
- Issue in Report Feed caused by missing fields in files data.
## Version(s): 3.1.5, 3.2.2, 2.14.5
## Release date: 07 Feb 2024
**Fixed:**
- Issue in Report Feed caused by missing fields in files data.
- API connection issue in Vulnerability feed.
## Version(s): 3.1.4, 3.2.1, 2.14.4
## Release date: 26 Jan 2024
## Added
- Adds option to 'Exclude OSINT indicators` to
Mandiant Threat Intelligence Feed v4 (Indicator Feed).
## Changed
- In Mandiant Threat Intelligence Feed v4 (Indicator Feed),
change name of option 'Minimal Maliciousness score' to
'Minimum Indicator Confidence score' and tool tip to better reflect usage.
Functionality is unchanged. This field allows users to set a minimum IC-score
to exclude indicators below this score from this feed.
- 'Minimum Indicator Confidence score' is by default set to '60'
to only ingest 'Suspicious' and above indicators.
## Version(s): 3.1.3, 3.0.3, 2.14.3
## Release date: 10 Nov 2023
**Added:**
- Mandiant Threat Intelligence Feed v4 (Indicator Feed)
- Now provide 'Minimal Maliciousness value' that will be used when we filter the data.
It will be used for Indicator data that is greater than the
provided score in the configuration of the feed.
**Changed:**
- Mandiant Threat Intelligence Feed v4 (Report Feed)
- Now provide 'Summary' that is the same as on the Mandiant portal and appropriate PDF.
**Fixed:**
- Mandiant Threat Intelligence Feed v4 (Vulnerability Feed)
- Fixed issue where versions in vulnerabilities of the exploit target entity have '&' and we can
render it properly.
- Fixed issue where references of the exploit target have '/[' in the url.
## Version(s): 3.1.2, 3.0.2, 2.14.2
## Release date: 06 Oct 2023
**Added:**
- Now provides Mandiant Threat Intelligence Feed v4 (Campaign Feed)
- Endpoint(s): `/v4/campaign`
- (IC 3.0 and newer) Ingested as campaign entities,
with related attack pattern and indicator entities.
- (IC 2.14) Ingested as campaign entities,
with related TTP and indicator entities.
- Indicator entities produced by this feed
have arbitrary titles to prevent high duplicate rate
with Mandiant-provided titles.
- Has 'Campaign Historic time' field that allows you to enter a number.
If the `last_activity_time` of the ingested campaign
is older than the date the feed runs minus the number of months set here,
the campaign's 'Status' field is set to 'Historic'. Otherwise,
the campaign's 'Status' field is set to 'Ongoing'.
For example, setting 'Campaign Historic time' to '1', when we run the feed
on 5th October 2023, any ingested campaign entity with the
`last_activity_time` earlier than 5th September 2023 will have its 'Status'
field set to 'Historic'.
**Changed:**
- Mandiant Threat Intelligence Feed v4 (Report Feed)
- Now includes 'Targeted Information' tags.
- Mandiant Threat Intelligence Feed v4 (Indicator Feed)
- Now, only 'MISP warning list' that include a 'True' value are included.
**Fixed:**
- Fixed issue where Mandiant Threat Intelligence Feed v4 (Indicator Feed)
would fail if 'Start ingesting from' time was set to more than 90 days
before feed run. Now, feed automatically chunks requests to handle
this limitation.
## Version(s): 3.1.1, 3.0.1, 2.14.1
## Release date: 16 Sep 2023
**Changed:**
- Previously, Mandiant Threat Intelligence Feed v4 (Report Feed)
would retrieve Mandiant reports from `/v4/report`,
and additionally retrieve data from multiple Mandiant endpoints
to create highly detailed report entities in EclecticIQ Intelligence Center.
However, this means we get highly interconnected entities that are slow to ingest.
These long ingest times can lead to
timeouts that cause the feed to fail.
This release instead provides
5 incoming feed transport types:
- Mandiant Threat Intelligence Feed v4 (Report Feed)
- Endpoint(s): `/v4/reports`, `/v4/report`
- Ingested as report entities.
- Also creates related indicator entities for each object present
in the `files` field of the retrieved report.
- Mandiant Threat Intelligence Feed v4 (Threat Actor Feed)
- Endpoint(s): `/v4/actor`
- Ingested as threat actor entities.
- Mandiant Threat Intelligence Feed v4 (Malware Feed)
- Endpoint(s): `/v4/malware`
- (IC 3.0 and newer) Ingested as malware entities.
- (IC 2.14) Ingested as TTP entities.
- Mandiant Threat Intelligence Feed v4 (Vulnerability Feed)
- Endpoint(s): `/v4/vulnerability`
- Ingested as exploit target entities.
- (IC 3.0 and newer) Also creates tool entities for each object
present in the `exploits` field of the endpoint response.
- (IC 2.14) Also creates TTP entities for each object
present in the `exploits` field of the endpoint response.
- Mandiant Threat Intelligence Feed v4 (Indicator Feed)
- Endpoint(s): `/v4/indicator`
- Ingested as indicator entities.
When run individually, they produce entities ingested from their respective endpoints.
If these ingested entities are related to other Mandiant entities:
- These ingested entities can contain external references that are initially unresolved.
When the entity these external references point at is successfully ingested
from one of the other Mandiant feeds, the external reference resolves
into a legible relation on EclecticIQ Intelligence Center.
- Entities ingested separately from these feeds may share related observables.
When two or more entities in EclecticIQ Intelligence Center
are related to the same observable, you can trace those relationships
in graphs or through queries.
- Report entities created by this feed now includes its
PDF version as an attachment, retrieved from Mandiant.
- Ingested entities now contain MITRE ATT&CK data.
- Mandiant Threat Intelligence Feed v4 (Report Feed) now has a "Filter reports by type".
Enter a comma-separated list of report types to
only ingest Mandiant reports with those types.
Possible values (must be exact):
- `Actor Profile`
- `Event Coverage/Implication`
- `Executive Perspective`
- `ICS Security Roadmap`
- `Industry Reporting`
- `Malware Profile`
- `Network Activity Reports`
- `News Analysis`
- `Patch Report`
- `TTP Deep Dive`
- `Threat Activity Alert`
- `Threat Activity Reports`
- `Trends and Forecasting`
- `Vulnerability Report`
- `Weekly Vulnerability Exploitation Report`
**Fixed:**
- Fixed issue where incoming feeds would fail because of unexpected timestamp formats.
## Initial release
Release date: 15 June 2023
**Features:**
* Now provides the Mandiant Threat Intelligence Feed v4 (Report Feed).