Threat Intelligence Trial FAQ

General

Which team could benefit from a trial of Threat Intelligence?

  • Threat Intelligence provides information needed to prioritize threats that are most relevant to your organization. Chief Information Security Officers, security operations, and threat analysts use Threat Intelligence to direct limited resources by answering questions like:
    • What is my unique threat landscape compared to others in my industry or compared to the global cyber landscape?
    • What are the most likely or most harmful threats to my organization?
    • What are the threats that I should be prioritizing?
    • How did my threat landscape change from the day, week, month, year prior?
    • Why did my threat landscape change and what is the evidence that contributed to that?

What do I get access to during the trial?

  • Your trial includes full access to the following:
    • Threat Actor and Malware Threat Maps to prioritize what matters to your organization
    • Ability to create custom searches and alerts with the Advanced Query Builder
    • Pre-configured alerts for monitoring (ransomware, phishing campaigns, exploit kits, etc.)
    • Ability to perform detailed malware analysis using the Malware Sandbox
    • Detailed analysis in Threat Actor Intelligence Cards
    • Hunting packages

What do I get that’s different from SecOps Intelligence?

  • Threat Intelligence provides advanced customization and extensive monitoring capabilities compared to SecOps Intelligence. Threat Intelligence provides access to more than a dozen pre-configured alerts for early detection as well as the ability to completely customize alerts to meet your specific monitoring needs using the Advanced Query Builder and Custom Lists. Threat Maps also provide a fully customizable view of threat actors and malware that are most relevant to your organization, making it easy to prioritize efforts to have the most impact. 

Can anyone on my team start a trial?

  • Yes, any Recorded Future user in your organization can start a trial from the Threat Intelligence landing page here.

Will I be charged once my trial ends?

  • There are no commitments or purchase requirements during or after your trial. Once your trial ends, we’d love to hear your feedback on your experience, but it's at your discretion if and when you want to continue with our sales team to purchase the Threat Intelligence module. 

What integration options are available?

  • Integrations are available for common Security Information and Event Management (SIEM) tools, including:
    • Splunk
    • LogRhythm
    • IBM Security
    • McAfee

How do I . . .

Customize the Threat Maps to my organization?

  • Both the Threat Actor and Malware Threat Maps are powered by the entities available in the Watch Lists below. As each Watch List is updated to reflect your organization, the Threat Maps will adjust to display more relevant information. The more Watch Lists you keep up-to-date, the more relevant and actionable your Threat Maps will become.

    Watch Lists
    • Domain
    • IP
    • Brand Names
    • Targets
    • Executive
    • Third-Parties
    • Industry Peers
    • Industry 
    • Location
    • Vulnerability
    • Method
    • Tech Stack

Use the Advanced Query Builder to create a custom alert?

  • The Advanced Query Builder provides completely customizable options to create searches using filters on events, sources, and any exclusions. Once you’ve created a query that meets your needs, click on the “Create Alert” link at the top right of the page and configure your alert in the pop-up window.

Create a custom list to use in the Advanced Query Builder?

  • There are several ways to create a custom list. Using the Workspaces tab on the left-hand main menu, click on the “Lists” sub-menu item. Click “New . . .” from the top of the table and select what type of list you’d like to create. You have the option of creating a list of entities, a list of sources, analyst notes, or link collections. 
    Screenshot 2023-09-11 at 8.08.40 AM.png

    Alternatively, you can create a new list from any Intelligence Card by clicking on the three dots on the top right of the card, selecting “Add to list”, and selecting “New List . . .”
    pasted image 0.png

Access the Malware Sandbox?

  • You can access the malware sandbox directly from Threat Intelligence home by clicking on the Sandbox Analysis button in the upper right corner of the page. You can also go directly to the sandbox by typing in the URL to your web browser.

 

 

This content is confidential. Do not distribute or download content in a manner that violates your Recorded Future license agreement. Sharing this content outside of licensed Recorded Future users constitutes a breach of the terms and/or agreement and shall be considered a breach by your organization.
Was this article helpful?
0 out of 0 found this helpful

Articles in this section