Enrichment of Indicators and Observables
Intelligence via the API can deliver valuable context for indicators of compromise, malware, and vulnerabilities. You can see evidence of a specific indicator on threat lists, the dark web, or paste sites. An accompanying risk score, calculated by examining this evidence, is also available.
Correlating With Alerts and Events
By downloading risk lists of IP addresses, hashes, and vulnerabilities, you can correlate this intelligence, including current risk scores and evidence, with your internal logging and alert data. This context can be used by analysts to make faster, more accurate security decisions.
Monitoring for Risks and Threats
The API ensures that the data you call on is relevant to your security. Create your own watch list in Recorded Future's web app and use the API to monitor the entities in the list for intelligence that triggers specific risk rules or meets a particular risk score.