Mandiant Threat Defense is a managed security service that provides active threat detection, hunting, and rapid response capabilities delivered through Google Security Operations. The service combines Mandiant expert analysts with AI-assisted threat hunting to identify and respond to security threats across an organization's security stack. The service operates natively within Google Security Operations and evaluates all data sources, including third-party alerts, through applied threat intelligence, threat hunts, and curated detection rule packs. Mandiant experts conduct intelligence-led hunting based on current incident response engagements and telemetry from Google Threat Intelligence. The service includes a proprietary case prioritization model for efficient investigation and response to high severity cases. Response capabilities include expert-led investigations and automated SOAR playbooks with Gemini-enhanced remediation recommendations. Investigation results are mapped to MITRE ATT&CK framework for actionable insights. Mandiant experts provide tuning recommendations, guided remediation, and act as an extension of the customer's security team. The service includes executive-level security reporting through native dashboards in Google Security Operations. Cases can be escalated to Mandiant Incident Response services for rapid incident resolution when needed.