Fusion Use Case: Operationalizing Threat Indicators

April 26, 2018 • Karen Kiffney

In our last blog post, we talked about a strategic use case for the new analyst notes feature in Recorded Future Fusion. In this post, we are going to describe an operational use case for the exact same feature. Analyst notes are a new feature in Recorded Future Fusion that enables customers to add their own internal notes and analysis directly in the Recorded Future solution.

In this operational use case, the notes feature is used to capture the verdict and reasoning from research and investigations. Once the analyst has included all of the details in Recorded Future, the system automatically “reads” the notes and identifies the related entities including indicators of compromise and artifacts. Once the note is indexed, it is then integrated into the Recorded Future solution, and the note will appear in corresponding Intel Cards for any of the identified indicators. Lastly, the indicators can be tagged directly in the system to be added to risk lists — to a block list, for example. This way, when the block list is exported from Recorded Future, the newly validated indicators will be included automatically.

Operationalizing Indicators

In this example, analyst notes are used to streamline the process from research, to verdict, to integration in customized risk lists. This single process ensures that nothing gets “lost,” and that the full value of the research and investigation is realized and integrated into security processes.

In this blog series, we’ve covered four main use cases for Recorded Future Fusion, but the possibilities are nearly endless. From time to time, we’ll come back with new use cases from our customers.
