Splunk

Posted: 15th April 2022
Splunk

Intelligence-Led Security Workflows

Splunk and Recorded Future Leverage the power of intelligence to correlate against internal telemetry data to detect risky IOCs, triage alerts faster, and proactively block threats before they impact business.

Why Recorded Future?

Recorded Future helps you to understand adversaries and their intent, what tools they are using, and who they are targeting. The Recorded Future Intelligence Graph:

  • Collects and structures adversary and victim data from text, imagery, and technical sources
  • Uses analytics to discover, analyze, and map associations across billions of entities in real time
  • Includes critical insights from our global team of world-class analysts
  • Delivers insights optimized for both user and technology workflows
By integrating Recorded Future with your Splunk environment, you are able to access this robust intelligence directly in Splunk Enterprise or Enterprise Security, Splunk SOAR, Splunk Mission Control, and Splunk Intelligence Management to prioritize response to threats and decrease time spent manually researching.

Robust Out-of-the-Box Functionality

Correlation Dashboards
Correlation Dashboards

Quickly identify threats in your environment by correlating Recorded Future risk scores with events in Splunk, and setting up use case specific correlation dashboards

Enrichment Dashboards
Enrichment Dashboards

Access complete context, evidence, and research from Recorded Future on indicators without ever leaving your Splunk environment. Recorded Future enrichment includes: Full Context, Recorded Future Links data, MITRE ATT&CK codes. Recorded Future Insikt Research and complete references from the Open, Deep and Technical Web

Recorded Future Alert Triage
Recorded Future Alert Triage

Use Splunk SOAR to triage Recorded Alerts. Create playbooks around your Recorded Future alerts to efficiently triage events as the happen.

Template Playbooks
Template Playbooks

Recorded Future offers playbooks to help users get started using Recorded Future data in their SOAR playbooks. Template playbooks help incorporate Recorded Future enrichment into any playbook.

Use Cases

Detect Threats

Proactively identify previously undetected threats in Splunk Enterprise and Enterprise Security to reduce risk

Splunk Enterprise and Enterprise Security

Detect Threats

Free Trial

Interested in exploring how you can use Recorded Future’s integration with your Splunk Enterprise or Enterprise Security environment to accelerate threat detection and response? Recorded Future now offers a 30-day free trial with Splunk. Sign up today to gain access to:

  • A comprehensive view of your threat landscape with an unprecedented quantity and variety of sources from the open and dark web, as well as exclusive technical sources
  • Real-time risk scores and context on IPs, domains, URLs, hashes, and malware for faster alert triage
  • High-confidence, out-of-the-box risk lists for detection of previously undetected threats

Resource