Enrich Splunk with Intelligence
Splunk Enterprise/Enterprise Security + Recorded Future Harness the power of Recorded Future’s Intelligence Graph to immediately view complete context on threats from adversaries and intent, to the infrastructure they build, to the organizations they target, without ever leaving your Splunk environment.
Why Recorded Future?
Recorded Future helps you to understand adversaries and their intent, what tools they are using, and who they are targeting. The Recorded Future Intelligence Graph:
- Collects and structures adversary and victim data from text, imagery, and technical sources
- Uses analytics to discover, analyze, and map associations across billions of entities in real time
- Includes critical insights from our global team of world-class analysts
- Delivers insights optimized for both user and technology workflows
Robust Out-of-the-Box Functionality
Risk Scores help identify malicious indicators across IPs, hashes, domains, malware, URLs, and CVEs so teams can quickly see the severity of a threat.
Quickly identify threats in your environment by correlating Recorded Future risk scores with events in Splunk, and setting up use case specific correlation dashboards
Access complete context, evidence, and research from Recorded Future on indicators without ever leaving your Splunk environment. Recorded Future enrichment includes: Full Context, Recorded Future Links data, MITRE ATT&CK codes. Recorded Future Insikt Research and complete references from the Open, Deep and Technical Web
Access correlation dashboards out-of-the-box, enabling security teams to identify threats in their environment with the Recorded Future risk score provided directly within the dashboard.
Prioritize the most critical alerts in your environment with Recorded Future dashboards that:
- Correlate Recorded Future risk lists with events in your Splunk environment
- Identify the most critical threats by bringing in risk scores that hit a minimum level, eliminating non-critical events from the dashboard
Access robust intelligence inside of Splunk with enrichment functionalities, either through ad hoc lookup or by pivoting from the correlation dashboard. The Recorded Future integration for Splunk provides similar information from an Intelligence Card, so analysts never have to leave the Splunk platform to access everything they need to know about an IP, domain, hash, URL, CVE, or malware. Within these pages analysts can access risk scores, risk rules, evidence for severity, technical links including MITRE ATT&CK mapping, and insights from our analyst group, Insikt.
Bring Recorded Future Alerts Into Splunk
Use the Recorded Future alerting dashboard to view and triage your Recorded Future alerts right in Splunk. All alerts set up in Recorded Future can be accessed and viewed in Splunk. Recorded Future alerts cover a wide spectrum of use cases including: typosquat detection, brand mentions on sensitive sources, and critical vulnerabilities related to your technology stack, trending malware and threat actors related to specific industries.
Visualize and pivot through evidence-based relationships between indicators to better understand adversaries and their methods
Interested in exploring how you can use Recorded Future’s integration with your Splunk environment to accelerate threat detection and response? Recorded Future now offers a 30-day free trial with Splunk Enterprise or Enterprise Security. Sign up today to gain access to:
- A comprehensive view of your threat landscape with an unprecedented quantity and variety of sources from the open and dark web, as well as exclusive technical sources
- Real-time risk scores and context on IPs, domains, URLs, hashes, and malware for faster alert triage
- High-confidence, out-of-the-box risk lists for detection of previously undetected threats