Recorded Future has two basic types of user accounts: Analyst and Security Operations.
Analyst user accounts give broad access to investigation, analysis, alerting, and reporting capabilities. Analyst accounts are optimal for Threat Intelligence analysts, who need to interactively investigate emerging threats and define precisely tailored alert rules. Analyst user accounts are required for additional access to Cyber, Locations, and Executives dashboards.
Security Operations accounts (AKA SecOps) give narrower access to Intel Cards and Alert Notifications. Security Operations accounts are optimal for practitioners such as SOC operators and Incident Responders, who investigate alert rule notifications, indicators, and artifacts and refer more open-ended external threat investigations to their TI analyst colleagues.
The table below compares access levels for Analyst and Security Operations accounts.
|Intel Card Extensions||Yes||Yes|
|Drill down to event details from intel card or alert||Yes||Yes|
|View all Threat Views||Yes||Yes|
|Alerts and Alert Emails||Yes||Yes|
|View configuration items shared by Analysts||Yes||Yes|
|Create ad-hoc searches in Analyze mode||Yes||No|
|Create Alerting Rules||Yes||No|
|Save ad-hoc searches as Saved Queries||Yes||No|
|Manage Lists of Entities, Sources, References||Yes||No|
|Create Link Collections||Yes||No|
|Share configurations with other users||Yes||No|
|Cyber Dashboards||With subscription|
|Locations Dashboards||With subscription|
|Executives Dashboards||With subscription|
With subscription means Analyst users can access the capability, depending on their organization's service subscriptions.