[Mandiant] The connector should use report endpoint with STIX and PDF accept headers
Use case
I would like to:
- download the PDF report file from Mandiant and store it in the Report object in OpenCTI;
- collect all IOCs related to a specific report in STIX format and have the relationships between the report object and the IOC objects.
Current Workaround
None
Proposed Solution
Enhance the current connector to fetch data from the report endpoint.
Mandiant API provides additional accept headers in the `v4/report/{report_id}` endpoint (these accept headers currently only apply to this endpoint).
- `application/stix+json;version=2.1`: it will provide the report and its IOCs in a bundle
- `application/pdf`: it will provide the PDF report file
Note: some report types do not contain IOCs, but report types like Network Activity Reports, Event Coverage/Implication have all IOCs available in STIX 2.1 format.
If the feature request is approved, would you be willing to submit a PR?
Yes, probably.
I have added this workflow but there is a problem with the identity objects which I'm trying to resolve with the Mandiant team... As soon as I solve it, I'll submit a PR for validation.
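
The workflow proposed above, as an added example (not code from the connector or from Mandiant): it builds the two requests to the report endpoint and validates both responses before linking the indicators to the report and attaching the PDF. `base_url`, bearer-token authentication, the helper names, and the use of the `x_opencti_files` property for the attachment are assumptions; the sample data is constructed.

```python
import base64

REPORT_PATH = "/v4/report/{report_id}"  # endpoint named in the issue
ACCEPT_STIX = "application/stix+json;version=2.1"
ACCEPT_PDF = "application/pdf"


def build_requests(base_url, report_id, token):
    """Return (url, headers) for the STIX request and the PDF request."""
    url = base_url.rstrip("/") + REPORT_PATH.format(report_id=report_id)
    auth = {"Authorization": f"Bearer {token}"}  # assumption: bearer-token auth
    return [(url, {**auth, "Accept": a}) for a in (ACCEPT_STIX, ACCEPT_PDF)]


def merge_report(bundle, pdf_bytes, filename):
    """Validate both responses, link indicators to the report, attach the PDF."""
    if bundle.get("type") != "bundle":
        raise ValueError("response is not a STIX bundle")
    if not pdf_bytes.startswith(b"%PDF-"):  # reject error pages served as 200
        raise ValueError("response is not a PDF")
    objects = bundle.get("objects", [])
    reports = [o for o in objects if o.get("type") == "report"]
    if len(reports) != 1:
        raise ValueError(f"expected exactly one report, got {len(reports)}")
    report = reports[0]
    refs = list(report.get("object_refs", []))
    for obj in objects:
        if obj.get("type") == "indicator" and "id" in obj and obj["id"] not in refs:
            refs.append(obj["id"])
    report["object_refs"] = refs  # stays empty for report types without IOCs
    # assumption: OpenCTI reads attachments from the x_opencti_files property
    report["x_opencti_files"] = [{
        "name": filename,
        "mime_type": ACCEPT_PDF,
        "data": base64.b64encode(pdf_bytes).decode("ascii"),
    }]
    return bundle


def sample_bundle():
    """Constructed stand-in for the STIX response (not real Mandiant data)."""
    ind = "indicator--00000000-0000-4000-8000-00000000000"
    return {"type": "bundle", "id": "bundle--00000000-0000-4000-8000-000000000000",
            "objects": [
                {"type": "report", "id": "report--00000000-0000-4000-8000-0000000000aa"},
                {"type": "indicator", "id": ind + "1"},
                {"type": "indicator", "id": ind + "2"}]}


SAMPLE_PDF = b"%PDF-1.7\n%constructed sample\n"
```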