More Tips for Entity Type Analysis and Monitoring
December 26, 2013 • Chris
We recently introduced our refined Entity Type query capability by showing how to ask and answer big web intelligence questions that cut across broad categories.
Today we’ll provide a short update on that capability by detailing the Entity Types available for analysis in Recorded Future.
There are several super categories containing more precise entity types: Location, Corporate, Organization, Product and Commodity, Person, Cyber, Technical Indicator, Technology, and Financial.
Each category contains one or more Entity Types on which you can run a query:
- Province or State
- Facility (e.g. airports, universities, stadiums)
Example: Protests this week at the city level in Europe
Example: Cyber threats against companies this week
- IP Address – Includes IPv4 and IPv6 addresses
- Hash – Includes MD5 and SHA-1 hash values
- Identifier – Vulnerability and security bulletin identifiers, including identifiers from NIST CVE registry, Microsoft, Adobe, SUSE, and RedHat
- Domain – Internet domain names, derived from URLs and email addresses
- Registry Key – Windows registry key names
- File Name – Executable filenames
Example: IP addresses and domains linked malware during the past 48 hours
Get Started with Entity Type Queries
When you’re ready to try things out for yourself, we have two valuable resources to keep on hand. Open the support docs detailing “how to” on Entity Type queries as well as the comprehensive list of Entity Types available for querying.
Try setting up alerts on these concepts as well to see how they provide a wide range of view. As always, let us know if you have any questions by sending a message to support [at] recordedfuture [dot] com.