Table of Contents
Introduction
threatER is a comprehensive cybersecurity platform that provides active network defense by automating the enforcement, deployment, and analysis of cyber threats at scale. threatER offers a wide range of solutions to proactively and automatically safeguard organizations against cyber threats. Their patented solution effectively blocks all known threats, enabling the rest of the modern cybersecurity stack to do its job more efficiently. Your security stack is better with threatER.
With the Recorded Future integration in place, threatER can automatically access and block IPs and domains from Recorded Future's list of threat indicators.
Partner URL: www.threatER.com
Prerequisites
- Recorded Future API Key
- threatER API Key
- Admins should prepare ‘Risk Level’ when setting up the external list (See
Installation Steps
IP List Details for Recorded Future
- Navigate to Collect > Lists in the left-hand navigation menu and select the Create button in the top-right corner to get started.
- The Recorded Future integration is available for the following IP and domain List Types: Block
- Provide the following information under List Details (* indicates required field):
- Name* : Unique list name required
- Source*: Options include Manual or Plugin but for integrations, select Plugin
- List Type*: Options include Block, Allow, Threat, but for this Plugin choose Block
- Indicator*: Options include IP or Domain but in this example, select IP
- Description: A brief summary of the list
- Select Next to proceed to the Set Up External List step once all required fields are complete.
- Set Up External IP List for Recorded Future Integration
- Enter the following fields for the Recorded Future Plugin:
- Plugin Name: Select Recorded Future
- Interval: Time between each pull in minutes
- API Key: The API to easily synchronize the Threat Intelligence available in Recorded Future to threatER
- Risk Level: A number scale between 1 to 100 that determines which rules are currently triggered. The highest severity level associated with an indicator determines the base score:
- Very malicious: 90
- Malicious: 65
- Suspicious: 25
- Unusual: 5
- Click Next to move on to the Applies to Policy step.
- Enter the following fields for the Recorded Future Plugin:
- Apply Recorded Future list to Policies
- Entries within an IP list are not blocked until the list is applied to a policy. To apply this new list to a policy, select the applicable policies.
- Scroll to the bottom and select Create List to set up the IP list. It may take 15-60 minutes for lists to fully populate. If it is urgent that an IP be blocked immediately, create a manual list and add the IP for immediate effect.
Support
For more information, please contact support at support@threater.com.