Account Types: Analyst and Security Operations (SecOps)

Recorded Future has two basic types of user accounts: Analyst and Security Operations.

Analyst user accounts give broad access to investigation, analysis, alerting, and reporting capabilities. Analyst accounts are optimal for Threat Intelligence analysts, who need to interactively investigate emerging threats and define precisely tailored alert rules. Analyst user accounts are required for additional access to Cyber, Locations, and Executives dashboards.

Security Operations accounts (AKA SecOps) give narrower access to Intelligence Cards and Alert Notifications. Security Operations accounts are optimal for practitioners such as SOC operators and Incident Responders, who investigate alert rule notifications, indicators, and artifacts and refer more open-ended external threat investigations to their TI analyst colleagues.

The table below compares access levels for Analyst and Security Operations accounts.

Capability Analyst Security Operations
Intelligence Cards Yes Yes
Intelligence Card Extensions Yes Yes
Drill down to event details from Intelligence card or alert Yes  Yes
View all Threat Views Yes Yes
Alerts and Alert Emails Yes Yes
Collection Requests Yes Yes
View configuration items shared by Analysts Yes Yes
Write Analyst Notes Yes Yes
 ------  ---  ---
Create ad-hoc searches in Analyze mode Yes No
Create Alerting Rules Yes No
Save ad-hoc searches as Saved Queries Yes No
Manage Lists of Entities, Sources, References Yes No
Create Reports Yes No
Create Link Collections Yes No
Share configurations with other users Yes No
 ------  --- --- 
Cyber Dashboards With subscription  
Locations Dashboards With subscription  
Executives Dashboards With subscription  
Geofences With subscription  


With subscription means Analyst users can access the capability, depending on their organization's service subscriptions.

Was this article helpful?
0 out of 1 found this helpful

The content of this article is confidential and intended solely for the use of individuals with authorized access to the Recorded Future service. Do not download or distribute this article.
Have more questions? Submit a request


1 comment
  • If there are features the 'Analyst' has over 'Security Operations', there needs to be help or documents on those (i.e. "Create Alerting Rules").

Please sign in to leave a comment. Please note that your name will be displayed. If you would like to change how your name appears, please update your profile name.