Introduction
The Recorded Future integration with ServiceNow Threat Intelligence Security Center (TISC) enables organizations to leverage real-time threat intelligence and enhance their security operations. This integration consists of two main components:
- Feeds: Automatically ingest threat intelligence feeds into TISC.
- Enrichment: Enhance observables with contextual threat intelligence.
This guide outlines the prerequisites, installation, and configuration steps for both components.
Prerequisites
- ServiceNow TISC: Ensure your ServiceNow environment includes Threat Intelligence Security Center.
-
User Roles:
- sn_sec_tisc.admin: Required for configuration.
- sn_sec_tisc.analyst: Required for running enrichment tasks.
- Recorded Future API Key: Obtain from your Recorded Future account.
Installation Steps
1. Feeds Component Installation
- Navigate to the Integrations section within TISC.
- Select Feed Integrations and click Configure New Feed.
- Choose STIX/TAXII as the data source.
- Enter the following:
- Feed Name: (Your preferred feed name)
- Recorded Future API URL: https://api.recordedfuture.com/gw/servicenow-sir
- Recorded Future API Token: (Your token)
- Click Save to activate the feed.
Refer to the attached TISC - RF STIX TAXII Feed.pdf for detailed setup instructions.
2. Enrichment Component Installation
- Search for Recorded Future for TISC in the ServiceNow store.
- Install the application.
- Under TISC, navigate to All Integrations > Enrichment Integrations.
- Click Configure New Enrichment and select Observable Enrichment.
- Select Recorded Future for TISC and provide:
- Integration Name
- Recorded Future API Key
- Save the configuration.
Refer to the attached Application Installation and Configuration Guide - Recorded Future for TISC.pdf for more details.
For further assistance, contact Recorded Future Support at support@recordedfuture.com.