Posted: 14th April 2022

Product Overview

Anomali ThreatStream aggregates threat intelligence under one platform, providing an integrated set of tools to support fast, efficient investigations, and delivering “operationalized” threat intelligence into security controls at machine speed. Additionally, ThreatStream accelerates the process of collecting all of your global threat data into a single high-fidelity set of threat intelligence.

Challenges Overcome Through Integration

Aggregating multiple sources of threat intelligence data into a single place can be time-consuming and manual. Ensuring the data being aggregated is valuable requires laborious validation. The integration between Recorded Future and Anomali ThreatStream provides a seamless way to bring high-fidelity datasets from Recorded Future’s comprehensive breadth of sources into ThreatStream for rapid insights and streamlined investigation.

The integration between Anomali ThreatStream and Recorded Future allows security responders to:

  • Detect and gain context on IOCs with real-time external intelligence to identify true incidents and dismiss false positives using the enrichment application
  • Proactively block threats before they impact the business using the Recorded Future risk lists
  • Reduce time for threat detection, remediation, and response

Integration Description

Recorded Future for Anomali ThreatStream allows organizations to quickly resolve security threats using external threat intelligence and rich context from Recorded Future directly on top of ThreatStream data. Analysts are able to view related risk and evidence assigned to IPs, Domains, Hashes, and URLs through the enrichment application. Full transparency is provided on the evidence applicable to any given IOC (indicator of compromise). Additionally, risky IOCs are grouped together and used to correlate against suspect observables on your network.

Using Recorded Future risk list feeds, analysts are able to correlate against high fidelity datasets from Recorded Future as a source within ThreatStream. Recorded Future risk rules are mapped to ThreatStream iTypes for use within security controls to stop threats faster.

As a result, security and threat analysts can make quick and effective decisions at critical moments.

Recorded Future also offers the ability to integrate Recorded Future Insikt Group Notes into Anomali ThreatStream for faster, more confident analysis and response to threats. This capability is sold separately from our standard Anomali ThreatStream integration, as a complementary add-on.