Skip to main content
All Posts
ThreatStream
1
min read

New ThreatStream Feed: Mandiant Digital Threat Monitoring

Mandiant Digital Threat Monitoring is now available as a premium threat intelligence feed in Anomali ThreatStream.
Anomali
Published on
June 13, 2025
Table of Contents

The Anomali team is excited to now offer Mandiant Digital Threat Monitoring within the ThreatStream APP store. Digital Threat Monitoring is a threat intelligence feed offered by Mandiant, now part of Google, that monitors open, deep, and dark web sources to detect data leaks, brand abuse, credential exposure, and ransomware threats in near real-time using Mandiant’s threat intelligence and machine learning.

Monitor the Open, Deep, and Dark Web

The Mandiant Digital Threat Monitoring feed offers great visibility into the following threats:

  • Compromised credential exposure — both for internal employee and customer data
  • Malicious targeting or potential attacks based on deep and dark web activity
  • Malicious or accidental insider data leaks

The feed closely monitors locations on the web where credentials or data breaches are traded or sold, such as dark web markets, blogs, forums, paste sites, and more. You can learn more about Mandiant Digital Threat Monitoring in this datasheet.

An example of a potential threat based on dark web form activity
An example of a potential threat based on dark web forum activity.

Enabling Mandiant Digital Threat Monitoring in ThreatStream

By enabling Mandiant Digital Threat Monitoring in Anomali ThreatStream, CTI teams can correlate Mandiant's threat intelligence with other intel sources and distribute this intelligence throughout their organization's security telemetry. Anomali ThreatStream helps to automatically contextualize, deduplicate, and define the severity/confidence of potential threats. ThreatStream users can also share and distribute this intelligence among Trusted Circles.

As a premium feed, accessing this data requires an active subscription with Google for Mandiant Digital Threat Monitoring. To enable the feed in ThreatStream, users can simply:

  1. Access the "Mandiant DTM" tile within the ThreatStream APP Store
  2. Submit the "Client_key" and "Client_ secret" values provided by Mandiant DTM
  3. Click "Activate" and the feed should now be active

Get Started in ThreatStream

Interested in exploring the integration between Mandiant Digital Threat Monitoring and Anomali ThreatStream? If you're not yet a ThreatStream customer, request a demo to see the integration for yourself along with the 200+ other threat intelligence feeds available in the ThreatStream APP Store.

FEATURED RESOURCES

February 10, 2026
Anomali Cyber Watch

Anomali Cyber Watch: Notepad++ Attack, RAT Uses Hugging Face, Microsoft Office Flaw and more

Notepad++ Supply Chain Attack Delivers Chrysalis Backdoor. Android RAT Uses Hugging Face Platform to Host Malicious Payloads. Fancy Bear Exploits Microsoft Office Flaw in Ukraine. Nitrogen Ransomware Decryptor Fails Due to Coding Error. And more...
Read More
February 3, 2026
Anomali Cyber Watch

Anomali Cyber Watch: Stanley Malware Toolkit, ShinyHunters, Vulnerability in WhatsApp and more

Stanley Malware Toolkit Abuses Browser Extensions to Enable URL-Trusted Phishing. ShinyHunters Linked to Large-Scale Okta SSO Credential Harvesting via Voice Phishing. Silent Media Chain Vulnerability in WhatsApp Group Chats. And more...
Read More
February 5, 2026
Anomali

Anomali Earns Committed Badge from EcoVadis for Sustainability Performance

Read More
Explore All