Enrichment Dashboards

The enrichment dashboards in Splunk provide a concise summary of the information Recorded Future has collected and analyzed on the selected entity (IP address, domain, hash, etc.). The entity can be entered manually in the upper left of the dashboard or passed in via a workflow action from another Splunk dashboard (see this support page for setting up workflow actions).

The top of each enrichment dashboard shows a quick summary of risk information, including Recorded Future's risk score and risk rules. More information about risk scoring in Recorded Future is available in several support pages found here.

Immediately below the risk section is additional information that is typically entity-dependent. For example, the cyber vulnerability enrichment dashboard includes a summary of NVD information. If there are any research notes from Recorded Future's Insikt Group, they also appear in this section. Below those sections, a timeline of references is shown as a horizontal bar chart.

For context, we show co-occurring entities as 'related entities' in the sections below the timeline. These related entities are attackers, malware, other IOCs, etc., that appear in references alongside the entity being enriched (the IP address 184.168.221.96 in this example).

Finally, we include some representative references that mention the entity being enriched.

For those familiar with the Recorded Future web-based portal, these enrichment pages are designed to mimic the Intelligence Cards available through our portal.