Overview
Recorded Future is continuously harvesting data from Open, Deep, and Dark Web sources in real-time including Social media, Forums, Blogs, IRC channels, Paste sites, email groups, onion sites via TOR, and more through a range of collection mechanisms. Thousands of sources are added to our index for customers each week and are currently mining and cross-correlating data from over 750,000+ sources in seven languages with a patented Temporal Analytics™ Engine.
The Recorded Future application for IBM QRadar enables:
- Delivery of Recorded Future Alert details consumed in IBM QRadar as events via custom Recorded Future log sources.
- Triaging Recorded Future Alerts and Playbook Alerts with the full alert details context directly in the IBM QRadar product.
- Review trending Inteligence Goals Library (IGL) data.
- Ability to document historial credential leaks
The Recorded Future Alerts application for IBM QRadar enables better alerts triaging by adding relevant and comprehensive context.
Using the Recoded Future Alerts for QRadar App users can create offenses from Recorded Future alerts. It also comes with preconfigured overview dashboards and alert specific dashboards to view the details of Recorded Future alerts for faster triage
System Requirements
- IBM QRadar version 7.4.1 Fix Pack 2 or higher
- IBM QRadar Authorized Services Token (Admin)
- Recorded Future Alerts for QRadar Token
- TCP Port 514 open from QRadar server where the application is running to the syslog destination
- Recorded Future account for accessing content when pivoting outside IBM QRadar to the Recorded Future platform
- If you are running an uncertified version of the Recorded Future Alerts for QRadar app, you must fully delete the app before installing the new version from the XForce Market Place.