Integration Spotlight: Splunk

Recorded Future for Splunk provides real-time threat intelligence for SOC teams with a Splunk® security solution.

Product Overview

Security operations center (SOC) teams are inundated with alerts and events. Threat intelligence from Recorded Future creates clarity by adding rich context. We surface and deliver threat intelligence in real time from the widest breadth of open, technical, and dark web sources, helping you make informed verdicts. SOC analysts can efficiently dismiss false positives and capture threat context for true incidents.

Challenges Overcome Through Integration

Recorded Future for Splunk identifies indicators with elevated risk by analyzing web reporting, threat lists, and our own novel methods. Unlike plain IP or domain reputation lists, we deliver rich context so you can selectively apply the indicators that match your security needs in event correlation and detection rules.

Integration Description

Splunk Enterprise and Splunk ES:

Add Recorded Future to your Splunk Enterprise or Splunk ES security solution. Augment your ES deployment with our threat intel content, drop our dashboards into your Enterprise deployment, or use our commands and lookups to configure the dashboards and alerts that precisely fit your needs.

Adaptive Response:

Recorded Future for Splunk leverages the Adaptive Response Framework, which provides tighter integration with Splunk ES. If you have Splunk ES 4.5 (or higher), you can:

  • Use Adaptive Response Actions to connect with Recorded Future manually or through automated processes.
  • Enrich IOCs from any Notable Event with context from Recorded Future.
  • View enrichment information in a custom dashboard.

Get started by downloading our Splunk-certified Enterprise app or our Splunk-certified ES TA from Splunkbase.

Twitter: @Splunk

Website: www.splunk.com