Enrichment Dashboards

The enrichment dashboards in Splunk provide a concise summary of the information Recorded Future has collected and analyzed on the selected entity (IP address, domain, hash, etc.). The entity can be entered manually in the upper left of the dashboard or passed in via a workflow action from another Splunk dashboard (see this support page for setting up workflow actions).

The top of each enrichment dashboard shows a quick summary of risk information, including Recorded Future's risk score and risk rules. More information about risk scoring in Recorded Future is available in several support pages found here.

Immediately below the risk section is additional information that is typically entity-dependent. For example, the cyber vulnerability enrichment dashboard includes a summary of NVD information. If there are any research notes from Recorded Future's Insikt Group, they also appear in this section. Below those sections, a timeline of references is shown as a horizontal bar chart.

For context, we show co-occurring entities as 'related entities' in the sections below the timeline. These related entities are attackers, malware, other IOCs, etc., that appear in references alongside the entity being enriched (the IP address 184.168.221.96 in this example).

Finally, we include some representative references that mention the entity being enriched.

For those familiar with the Recorded Future web-based portal, these enrichment pages are designed to mimic the Intelligence Cards available through our portal.

The content of this article is confidential and intended solely for the use of individuals with authorized access to the Recorded Future service. Do not download or distribute this article.