Build and Share Domain Knowledge With Entity Lists
Predict 21: The Intelligence Summit Register Today

Build and Share Domain Knowledge With Entity Lists

January 30, 2014 • Chris

We’re going to feature long existing but recently upgraded functionality around building entity lists in this week’s product update. Specifically, we will highlight how you can build lists of entities in Recorded Future and use those lists to rapidly expand your team’s domain knowledge and analytic capability.

How to Build Entity Lists from Results

Organizing information around entities, best thought of as “things” such as people, companies, malware, locations, and so on, is at the core of Recorded Future’s web intelligence platform. Analysts will often want to research and monitor many entities at a time, which is where lists come into play.

It’s easy enough to create these lists item by item, but today, we’re improving workflow efficiency by seeding new lists or adding to existing lists by pulling in the contents of query results.

List of Company Cyber Attack Targets

The above example comes from a search for companies reportedly affected by or targeted in cyber attacks last week (January 19-January 25, 2014). You can be explore the results here.

The prompt shows us saving those companies from the results into a list, which we’ve called “Companies Targeted in Cyber Attacks” for revisiting in later research.

What might otherwise be a laborious, hand jam of entities one by one into a list was completed in a few clicks, and now we have a useful list of entities for use in another query. It’s easy to load tens or hundreds of result-based entities to a list.

Save Results To List

Creating a list allows you to query across that entire set of entities. These lists can be edited in the My Work area.

Your lists are also available for search directly in the query builder! You can search for a list just like any other item in Recorded Future, and further, can build additional entity lists out of those results. Let’s run through a quick example of how this would work.

Searching our new “Companies Targeted in Cyber Attacks” list, we’ll identify newly announced partners of those targeted companies. Here’s the search:

Partner Company Cyber Network

And below is the resulting network showing recent partners of companies targeted by cyber attacks last week. We’ll repeat the  process shown above by saving the discovered partner companies to a new list called “Partners of Companies Targeted in Cyber Attacks During January.” Using entity lists to build new lists that expand our knowledge of companies potentially affected down the cyber supply chain!

Network January Partner Companies

Live Visualization

Share Lists and Create Alerts

Many analysts using Recorded Future work as part of a team. List functionality was designed such that each item is shareable and can be leveraged across other product features such as email alerts and Recorded Future Cyber.

The visibility of lists for other analysts in your team can be configured from the lists space in My Work. Each list can be assigned as appropriate to individuals or the entire workgroup, to allow for viewing and use or enable collaborative editing rights.

Share Lists

Once lists are created, particularly those around a highly focused domain, you might like to set up an alert to be notified via email whenever new events occur involving any entities within a list.

For this guide, we’ll share an example from our list of RedKit Exploits. The below alert text shows how how lists and alerts can be combined for cyber threat intelligence.

RedKit Exploit Alert

Live Visualization

Ready to try using the “Save Result to List” feature? Bookmark the how-to article on our support site detailing how to build entity lists and then login to your Recorded Future account.

New call-to-action

Related Posts

Using Intelligence to Prioritize AWS Guard Duty Alerts

Using Intelligence to Prioritize AWS Guard Duty Alerts

March 10, 2021 • Meghan McGowan

Security operations teams are inundated with alerts and threats making it difficult for them to...

Announcing Security Intelligence for Splunk — For Free

Announcing Security Intelligence for Splunk — For Free

February 23, 2021 • Ellen Wilson

Today, we’re thrilled to announce the launch of a free 30-day trial of our integration for Splunk...

Special Delivery: Recorded Future Hunting Packages

Special Delivery: Recorded Future Hunting Packages

September 25, 2019 • The Recorded Future Team

Quickly detecting and preventing malicious activity is imperative to effectively protecting your...