Recorded Future Alerts for Anomali ThreatStream

Overview

Recorded Future continuously harvests data from Open, Deep, and Dark Web sources in real time, including social media, forums, blogs, IRC channels, paste sites, email groups, onion sites via TOR, and more, through a range of collection mechanisms. Thousands of sources are added to our index for customers each week, and we are currently mining and cross-correlating data from 750,000+ sources in seven languages with a patented Temporal Analytics™ Engine.

The Recorded Future Alert Feed for Anomali ThreatStream enables:

  • Delivery of Recorded Future Alert details consumed in Anomali ThreatStream (TS) as Incidents via an Anomali TS Feed.
  • Triaging of Recorded Future Classic Alerts and Playbook Alerts with the full alert details context directly in Anomali TS.
  • Review of trending Intelligence Goals Library (IGL) data.
  • Documentation of historical credential leaks.

The Recorded Future Alert Feed for Anomali TS enables better alert triaging by adding relevant and comprehensive context.


Application Functionality
The Recorded Future Alerts application's functionality is underpinned by the Recorded Future API, which is the repository from which Anomali TS retrieves Recorded Future Classic Alerts and Playbook Alerts. The Feed fetches alert details and delivers them to Anomali TS as Incidents, so the alert context is ready for triage within Anomali TS.

 

Recorded Future Classic Alerts
The following classic alerts are supported:

  • Intelligence Goals Library (IGL) Alerts
  • Custom Alerts

Every Incident created from a Recorded Future Classic Alert contains:

  • Tags
  • Link to the Recorded Future Platform for further analysis
  • Alert Trigger time
  • Alert references tables
  • Recorded Future AI Insights

Recorded Future Playbook Alerts
The following playbook alerts are supported:

  • Cyber Vulnerability
  • Data Leakage on Code Repository
  • Domain Abuse
  • Identity Novel Exposures
  • Third Party Risk

Installation
The preferred installation method for the Recorded Future Alert Feed is through the Anomali TS App Store.

Configuration
Once the application is installed, set the Recorded Future token and click Activate.
