Recorded Future Collective Insights for Sumo Logic Cloud SIEM

Updated

Introduction

Recorded Future's Collective Insights is a new type of Recorded Future analytics that provides a complete view of the threats that matter to your organization. Collective Insights allows you to analyze detected incidents and create an intelligence resource for use in two ways:

  • Gain a comprehensive view of detections across your infrastructure and controls
  • Use anonymized data to create visualizations and analytics that compare the entire threat landscape for your enterprise with specific industries and geographies

For more information on Recorded Future’s Collective Insights, please see the Getting Started with Collective Insights page for more information.

The Collective Insights Connector for Sumo Logic Cloud SIEM forwards the following data fields to Recorded Future:

  • Id: Unique ID of the signal
  • Name: Name of the signal
  • Timestamp: Timestamp of first log record for this signal
  • ContentType: Type of content in the signal
  • Target: Destination of the signal
  • Value: Value of indicator associated with the signal
  • ObjectType: Type of object related to value in the signal
  • ListId: Unique identifier for list within Cloud SIEM

 

Getting Started

To enable the Recorded Future integration for Sumo Logic Cloud SIEM, navigate to the Integration Center in the left-hand menu. 

Click the Sumo Logic tile.

 

You will see additional details and resources for the integration. Click the blue Set up button.

Note: You must be an administrator to see the Set up button.

 

Enter the requested information in the setup modal that displays and click the Activate button.

 

  • Connector Name: Collective Insights Connector For Sumologic
  • Access ID and Access Key: One of the supported authentication mechanisms in Sumologic. Please refer to this article for steps to generate them. 
  • Region: Region of your the Sumologic Cloud SIEM instance. Please refer to this article to learn more about supported regions.
  • Detection Parameters 
    • Minimum Severity: Severity levels to be applied to the events before being sent to Collective Insights
    • Pull limit: Number of events to pull from Sumologic Cloud SIEM
    • Connector Update Frequency: The frequency with which you want to update the Connector (default: 30 minutes)
  • Custom Parameters
    • Custom Filter String: Use the filter string to narrow down the events to be sent to Collective Insights
  • Initial Import
    • Detections Created Last: The duration of historical information that Recorded Future will pull based on the initial setup. The default range is 1 day; ranges longer than the previous 24 hours may cause delays in the setup process.

 

This content is confidential. Do not distribute or download content in a manner that violates your Recorded Future license agreement. Sharing this content outside of licensed Recorded Future users constitutes a breach of the terms and/or agreement and shall be considered a breach by your organization.
Was this article helpful?
1 out of 1 found this helpful

Articles in this section

See more