Fusion Use Case: Operationalizing Threat Indicators


April 26, 2018 • Karen Kiffney

In our last blog post, we talked about a strategic use case for analyst notes, a new feature in Recorded Future Fusion that enables customers to add their own internal notes and analysis directly in the Recorded Future solution. In this post, we describe an operational use case for the same feature.

In this operational use case, the notes feature is used to capture the verdict and reasoning from research and investigations. Once the analyst has included all of the details in Recorded Future, the system automatically “reads” the notes and identifies the related entities, including indicators of compromise and artifacts. Once the note is indexed, it is integrated into the Recorded Future solution and appears in the corresponding Intelligence Cards™ for each of the identified indicators. Lastly, the indicators can be tagged directly in the system to be added to risk lists (a block list, for example). This way, when the block list is exported from Recorded Future, the newly validated indicators are included automatically.

Operationalizing Indicators

In this example, analyst notes are used to streamline the process from research, to verdict, to integration in customized risk lists. This single process works to ensure that nothing gets “lost,” and that the full value of the research and investigation is achieved and fully integrated into security processes.

In this blog series, we’ve covered four main use cases for Recorded Future Fusion, but the possibilities are nearly endless. From time to time, we’ll come back with new use cases from our customers.
