Skip to main content
All Posts
ThreatStream
1
min read

New ThreatStream Feed: Mandiant Digital Threat Monitoring

Mandiant Digital Threat Monitoring is now available as a premium threat intelligence feed in Anomali ThreatStream.
Anomali
Published on
June 13, 2025
Table of Contents

The Anomali team is excited to now offer Mandiant Digital Threat Monitoring within the ThreatStream APP store. Digital Threat Monitoring is a threat intelligence feed offered by Mandiant, now part of Google, that monitors open, deep, and dark web sources to detect data leaks, brand abuse, credential exposure, and ransomware threats in near real-time using Mandiant’s threat intelligence and machine learning.

Monitor the Open, Deep, and Dark Web

The Mandiant Digital Threat Monitoring feed offers great visibility into the following threats:

  • Compromised credential exposure — both for internal employee and customer data
  • Malicious targeting or potential attacks based on deep and dark web activity
  • Malicious or accidental insider data leaks

The feed closely monitors locations on the web where credentials or data breaches are traded or sold, such as dark web markets, blogs, forums, paste sites, and more. You can learn more about Mandiant Digital Threat Monitoring in this datasheet.

An example of a potential threat based on dark web form activity
An example of a potential threat based on dark web forum activity.

Enabling Mandiant Digital Threat Monitoring in ThreatStream

By enabling Mandiant Digital Threat Monitoring in Anomali ThreatStream, CTI teams can correlate Mandiant's threat intelligence with other intel sources and distribute this intelligence throughout their organization's security telemetry. Anomali ThreatStream helps to automatically contextualize, deduplicate, and define the severity/confidence of potential threats. ThreatStream users can also share and distribute this intelligence among Trusted Circles.

As a premium feed, accessing this data requires an active subscription with Google for Mandiant Digital Threat Monitoring. To enable the feed in ThreatStream, users can simply:

  1. Access the "Mandiant DTM" tile within the ThreatStream APP Store
  2. Submit the "Client_key" and "Client_ secret" values provided by Mandiant DTM
  3. Click "Activate" and the feed should now be active

Get Started in ThreatStream

Interested in exploring the integration between Mandiant Digital Threat Monitoring and Anomali ThreatStream? If you're not yet a ThreatStream customer, request a demo to see the integration for yourself along with the 200+ other threat intelligence feeds available in the ThreatStream APP Store.

FEATURED RESOURCES

January 13, 2026
Anomali Cyber Watch

Anomali Cyber Watch: Cisco ISE Flaw, Ni8mare, N8scape, Zero-Click Prompt Injection and more

Anomali Cyber Watch: Cisco ISE Flaw Enables Arbitrary File Read via Administrative Access. Ni8mare and N8scape Vulnerabilities Expose n8n Automation Platforms to Full Compromise. Zero-Click Prompt Injection Abuse Enables Silent Data Exfiltration via AI Agents. Phishing Attacks Exploit Misconfigured Email Routing to Spoof Internal Domains. Ransomware Activity in the U.S. Continued to Rise in 2025. Android Ghost Tap Malware Drives Remote NFC Payment Fraud Campaigns. Black Cat SEO Poisoning Malware Campaign Exploits Software Search Results. MuddyWater Upgrades Espionage Arsenal with RustyWater RAT in Middle East Spear-Phishing. China-Linked ESXi VM Escape Exploit Observed in the Wild. Instagram Denies Data Breach Despite Claims of 17.5 Million Account Data Leak
Read More
January 6, 2026
Anomali Cyber Watch

Anomali Cyber Watch: OWASP Agentic AI, MongoBleed, WebRAT Malware, and more

Real-World Attacks Behind OWASP Agentic AI Top 10. MongoDB Memory Leak Vulnerability “MongoBleed” Actively Exploited. WebRAT Malware Spread via Fake GitHub Proof of Concept Exploits. Trusted Cloud Automation Weaponized for Credential Phishing. MacSync macOS Stealer Evolves to Abuse Code Signing and Swift Execution. Claimed Resecurity Breach Turns Out to Be Honeypot Trap. Cybersecurity Professionals Sentenced for Enabling Ransomware Attacks. Google Tests Nano Banana 2 Flash as Its Fastest Image AI Model. RondoDox Botnet Exploits React2Shell to Hijack 90,000+ Systems. Critical n8n Expression Injection Leads to Arbitrary Code Execution
Read More
December 23, 2025
Anomali Cyber Watch

Anomali Cyber Watch: SantaStealer Threat, Christmas Scams of 2025, React2Shell Exploit, Phishing via ISO, and more

SantaStealer Infostealer Threat Gains Traction in Underground Forums. From Fake Deals to Phishing: The Most Effective Christmas Scams of 2025. React2Shell Exploitation Expands With New Payloads and Broader Targeting. Russian Phishing Campaign Delivers Phantom Stealer via ISO Attachments. And More...
Read More
Explore All