Welcome to Recorded Future

Security teams from the SOC operators to vulnerability management to threat hunting  leverage Recorded Future to better understand threats to their environment. This guide provides a jump start for anyone just beginning (the n00bs of our community) and a refresher for veterans of Recorded Future.

What is Recorded Future?

Here's the short story if you're just getting to know us...

Recorded Future is a threat intelligence product that automatically collects and analyzes threat intelligence from technical, open, and dark web sources to provide invaluable context for faster human analysis and real-time integration with your existing security systems.

How Do I Get Help?

Our Support Site is always your best place to start if you need quick answers about how to use the product, the magic behind our machine, recent improvements, and more.

You should also know that we're always available - really, our whole team - and you'll get an answer from whoever is most expert on your issue. You can reach us by emailing support [at] recordedfuture.com or calling our 24/5 support line +1 (855) 476-9728, Monday through Friday.

You can also check the current operational status of the Recorded Future website and API.

On to the good stuff!

1. Signing In and Adjusting Settings

First things first: once you receive your account confirmation, you have 24 hours to make your first login!

The Subject line of the email is Your Recorded Future Account and it’s coming from no-reply [at] recordedfuture.com.

If you don’t receive this email, don’t worry, just hit us up at support [at] recordedfuture.com and we’ll work through it together.

We will deliver periodic product updates and system status messages if you've chosen to subscribe. In your "User Settings," there are options to adjust your user profile and password information.

2. Discovery and Orientation

Recorded Future organizes and visualizes a LOT of data. Here’s some tips to get you get started and quickly get to what you want:

  • Blue anything means a link. Whole words like Screen_Shot_2017-05-11_at_8.31.39_AM.pnggenerally mean the link is going to another place in Recorded Future. Also, anytime you see that little down pointy thing (we call it a chevron, but you can call in whatever) it means there is a list of visualizations from which you can choose.

We display the blue URL so you know if you’re going to be going outside the product, as well as throw a warning, like this one:

Screen_Shot_2017-05-11_at_8.27.19_AM.png

 

  • Red in the Product means this is something you should pay attention to, like a critical risk level of an IOC or a spike in mentions of a company as a target of a cyber attack.Screen_Shot_2017-05-11_at_8.37.36_AM.png
  • We use a bunch of icons to make the product friendlier to navigate. Don’t worry too much about what they are, we’ll get to that. Here are some examples:Screen_Shot_2017-05-11_at_8.41.16_AM.png
  • You may see this sunburst icon Screen_Shot_2017-05-11_at_8.47.42_AM.png in product which means that the Malware you’re looking at is very new. As you can see, we tell you when it was first spotted in our collection.
  • Seeing this star icon Screen_Shot_2017-05-11_at_8.49.58_AM.png means that this entity was manually edited by one of our team of intel analysts or data scientists to make sure you’re getting the very best results out of Recorded Future.

3. Pivoting and Research

Recorded Future is designed to save analysts time and frustration by aggregating, surfacing, and displaying all of the most important information relevant to your work. You can then use Recorded Future visualizations to get the answers you need:

  • Click out from Intel Cards to research. Recorded Future is designed to answer the most common research questions, by allowing you to use functions like Screen_Shot_2017-05-11_at_8.31.39_AM.pngto expand and visualize information.

Try to find all the cyber attacks related to APT28 here: https://app.recordedfuture.com/live/sc/3dj0d1noGMhB

Did you find it? You can dive in deeper by clicking on Table in the red box:

Screen_Shot_2017-05-11_at_12.27.01_PM.png

  • If you click on an entities without an Intel Card, you can choose from a group of pre-made queries, such asScreen_Shot_2017-05-11_at_12.19.59_PM.png
  • In Table View, you can find associations by using the Entity Tree on the right. This narrows references on screen to only the ones including the entities you select. From the query above, try finding only the references including the hashtag #fancybear.

 

Did you find it? You expand under Conversation and click #fancybear:

Screen_Shot_2017-05-11_at_12.34.43_PM.png

4. Tracking and Event Alerts

You'll want to alerts so you can stay on recent reporting and upcoming events by receiving notifications via email.

After running a query, simply click Alerting - found in the header - to receive notifications via email of newly reported information in Recorded Future matching your query.

Screen_Shot_2017-05-12_at_11.00.27_AM.png

Expert Tip: Find your Alerts in the Workspace page to manage alert frequency and settings.

5. Sharing

We know you have friends, colleagues, and connections on various social networks interested in the future of different topics.

You can share individual views with anyone, not just Recorded Future users, by using the "Share URL" in the upper right of the website header. Or distribute entire analyses via a report by sharing directly with other Recorded Future users.

Screen_Shot_2017-05-12_at_11.01.15_AM.png

6. Don't Panic

Asking the right question in the right way is an important part of the analytic process, and it may take a few tries to get just the right query in place.

Our index is accumulating events from over 750,000 unique sources (and we're adding new sources every day), but if you have concerns we don't cover enough of the sources in your world, send us a note and we'll make an effort to begin gathering more niche, targeted content.

Expert Tip: Try a free text search for exact keyword matches. Navigate to the advanced query box using the "Advanced" button in the upper left of the application. When you start typing a string in the "Involving" field you'll always find a row at the very bottom of the suggested options that reads "Text Match" for selecting and filtering on the specific string of your choosing.

7. Community Questions

The best way to get help is to send our team an email at support [at] recordedfuture dot com.

8. Help Resources and Tutorials

Our Support Site is always your best place to start if you need quick answers about how to use the product, the magic behind our machine, recent improvements, and more.

You should also know that we're always available - really, our whole team - and you'll get an answer from whoever is most expert on your issue. You can reach us by emailing support [at] recordedfuture.com or calling our 24/5 support line+1 (855) 476-9728.

We've also built up a library of short video tutorials and resources available on the Recorded Future training and events page and YouTube channel. Alternatively, contact your account manager or analyst from Intelligence Services and we'll help you out!

 

Was this article helpful?
4 out of 4 found this helpful

The content of this article is confidential and intended solely for the use of individuals with authorized access to the Recorded Future service. Do not download or distribute this article.
Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment. Please note that your name will be displayed.