Build and Share Domain Knowledge With Entity Lists
January 30, 2014 • Chris
We’re going to feature long existing but recently upgraded functionality around building entity lists in this week’s product update. Specifically, we will highlight how you can build lists of entities in Recorded Future and use those lists to rapidly expand your team’s domain knowledge and analytic capability.
How to Build Entity Lists from Results
Organizing information around entities, best thought of as “things” such as people, companies, malware, locations, and so on, is at the core of Recorded Future’s web intelligence platform. Analysts will often want to research and monitor many entities at a time, which is where lists come into play.
It’s easy enough to create these lists item by item, but today, we’re improving workflow efficiency by seeding new lists or adding to existing lists by pulling in the contents of query results.
The above example comes from a search for companies reportedly affected by or targeted in cyber attacks last week (January 19-January 25, 2014). You can be explore the results here.
The prompt shows us saving those companies from the results into a list, which we’ve called “Companies Targeted in Cyber Attacks” for revisiting in later research.
What might otherwise be a laborious, hand jam of entities one by one into a list was completed in a few clicks, and now we have a useful list of entities for use in another query. It’s easy to load tens or hundreds of result-based entities to a list.
Creating a list allows you to query across that entire set of entities. These lists can be edited in the My Work area.
Your lists are also available for search directly in the query builder! You can search for a list just like any other item in Recorded Future, and further, can build additional entity lists out of those results. Let’s run through a quick example of how this would work.
Searching our new “Companies Targeted in Cyber Attacks” list, we’ll identify newly announced partners of those targeted companies. Here’s the search:
And below is the resulting network showing recent partners of companies targeted by cyber attacks last week. We’ll repeat the process shown above by saving the discovered partner companies to a new list called “Partners of Companies Targeted in Cyber Attacks During January.” Using entity lists to build new lists that expand our knowledge of companies potentially affected down the cyber supply chain!
Share Lists and Create Alerts
Many analysts using Recorded Future work as part of a team. List functionality was designed such that each item is shareable and can be leveraged across other product features such as email alerts and Recorded Future Cyber.
The visibility of lists for other analysts in your team can be configured from the lists space in My Work. Each list can be assigned as appropriate to individuals or the entire workgroup, to allow for viewing and use or enable collaborative editing rights.
Once lists are created, particularly those around a highly focused domain, you might like to set up an alert to be notified via email whenever new events occur involving any entities within a list.
For this guide, we’ll share an example from our list of RedKit Exploits. The below alert text shows how how lists and alerts can be combined for cyber threat intelligence.
Ready to try using the “Save Result to List” feature? Bookmark the how-to article on our support site detailing how to build entity lists and then login to your Recorded Future account.