Recorded Future Announces Its Participation in Splunk’s Adaptive Response Initiative

September 28, 2016 • Glenn Wong

Earlier this year, Splunk announced their Adaptive Response Initiative — an effort bringing best-in-breed security capabilities together in ways that will improve an organization’s ability to defend against advanced attacks.

At the core of the initiative is a new version of Splunk Enterprise Security, scheduled to be generally available soon, that facilitates bi-directional integrations from security partners. Through these integrations, each partner’s unique capabilities can be coordinated and used for faster threat validation, systematic defensive actions, and better overall security posture.

Since we heard about this initiative at the March 2016 RSA Conference, we’ve been interested in joining this select group of partners and enhancing the capabilities of our Splunk ES integration.

Today, we’re very pleased to be included in Splunk’s announcement about the expanded initiative.

Practically speaking, we’ve developed a feature using the Adaptive Response Framework that allows an analyst to dispatch an “Enrichment Action” on any notable event. This action, which can be applied to any IP address, domain, hash, or cyber vulnerability, will pull in rich context from Recorded Future (e.g., a comprehensive real-time view of everything that’s publicly known about the given entity) into Splunk.

For IP addresses, hashes, and cyber vulnerabilities, Recorded Future risk scores are also delivered into Splunk and include references to the evidence from which the risk scores were derived.

Recorded Future Enrichment workflow using Splunk’s Adaptive Response Framework.

While the workflow seems simple, this is a huge improvement over the current version of Splunk ES and opens the door to additional automation and coordinated security actions.

As with our own OMNI Intelligence Partners program launched earlier this year, we believe building and supporting integrated capabilities between security products and services is in the best interests of our customers and an important direction the entire security industry is taking. Splunk’s Adaptive Response Initiative is another example of an integrated ecosystem and we’re extremely excited to be part of it.

Watch the video below to learn more.
