Posted: 15th April 2022

Product Overview

ThreatConnect® arms organizations with a powerful defense against cyber threats and the confidence to make strategic business decisions. Built on the industry’s only intelligence-driven, extensible security platform, ThreatConnect provides a suite of products designed to meet the threat intelligence aggregation, analysis, and automation needs of security teams at any maturity level. More than 1,600 companies and agencies worldwide deploy the ThreatConnect platform to fully integrate their security technologies, teams, and processes with actionable threat intelligence resulting in reduced detection to response time and enhanced asset protection.

Challenges Overcome Through Integration

When security teams don’t collaborate and tools don’t communicate, critical gaps emerge. By making Recorded Future data available in ThreatConnect, you’re able to

  • build processes to identify the most relevant threats, proactively protect your network
  • quickly respond to incidents in a measurable way
  • ability to layer external threat data on top of internal telemetry data.

Integration Description

ThreatConnect has multiple integration points with Recorded Future. The Recorded Future Risk List integration ingests the IP, Domain, Hash and URL Risk Lists from Recorded Future into ThreatConnect as a source called “Recorded Future Risk List.” These datasets contain malicious indicators that can be used for correlation against internal telemetry data.

The Recorded Future Enrichment Playbook app will accept IP Address (Address), Domain (Host), and Hash (File) indicators and query the Recorded Future Connect API for on-demand enrichment of supported entities. Returned data is passed to downstream Playbook components in the form of output variables. This provides the latest intelligence on indicators from Recorded Future’s comprehensive breadth of sources.