Use Case: Alert Management

Many clients use Recorded Future to monitor for new mentions of topics, entities, or events of particular interest. Analytics users can set up alerts that fire when these new mentions are detected across any of the sources that Recorded Future collects from.

Alerts are delivered via email and are available within the Recorded Future portal; there are also Alert API operations that can be used to integrate alerts into other applications (ticketing systems or SOAR workflows).

This support page describes a suggested approach for using the API for Alert Management.  Below are example screenshots from the Recorded Future portal; the Alert API operations are designed to provide programmatic access to the basic information on each of these screens.

 

Above: example of the Alert dashboard within the Recorded Future portal

 

Above: example of the specific details for a given alert; this particular alert monitors for new references to the IP address 141.8.224.93

 

Important Note: The Alert API now includes an "update" operation that allows programmatic access to write information back to an alert. The 3 fields that can be updated are (1) alert status, (2) alert assignee, and (3) notes on an alert. With this "update" operation, Recorded Future alerts can be wholly managed outside of the portal; however, alert rules and general configuration still need to be set up within the portal itself. See this support page on the Alert API for additional details.

 

This content is confidential. Do not distribute or download content in a manner that violates your Recorded Future license agreement. Sharing this content outside of licensed Recorded Future users constitutes a breach of the terms and/or agreement and shall be considered a breach by your organization.