Google Security Operations: Getting Started

Introduction
Recorded Future for Google Security Operations elevates the integration experience across the entire Google Security Operations Platform. It enhances SIEM functionality by incorporating Recorded Future Intelligence for enriched data and improved correlation, facilitating quicker triage of security incidents. Additionally, it integrates Recorded Future Alerts into SOAR components, streamlining the automation and response to these alerts for a more efficient security operations workflow.

SIEM (Beta)
This integration uses a Google SecOps ingestion script to push Recorded Future intelligence to Google’s Unified Data Model Entity Graph. Key Features include:

  • Risk Lists: Use default or customized risk lists to pull malicious indicators into your environment for logic enrichment and detection.
  • Correlation Rules: Pre-built YARA-L rules that automatically correlate internal log telemetry against Recorded Future Intelligence to detect and prioritize threats as they come into the SIEM.
  • Dashboards: Pre-built visualizations to easily understand and prioritize threats detected in your environment.

Full documentation on the integration, including detailed installation steps, can be found on GitHub.

SOAR
This integration is now available in the Google Security Operations Marketplace. (You need to be logged in to Google SecOps to view this integration.)

Key Features include:

  • Collective Insights: Seamlessly write detections from Google SecOps SOAR into Recorded Future Collective Insights. This means your SecOps Dashboard will be populated with detections created in Security Operations, enriched with Recorded Future intelligence, and ready to be leveraged to build your threat landscape around what you are detecting in the wild.
  • Improved Enrichment: Look forward to comprehensive enrichment data for IPs, Hashes, Domains, URLs, and Vulnerabilities. These insights will empower you to make more informed decisions with greater ease.
  • Recorded Future Classic Alerts: Recorded Future alert details will be fully integrated and displayed in Google SecOps SOAR, giving your analysts a more robust tool for triaging and responding to alerts.
  • Recorded Future Playbook Alerts: Full integration of Recorded Future Alerts into Google SecOps SOAR, enhancing your ability to manage threats such as domain abuse, code repository exposure, critical vulnerability, brand mentions on the dark web, leaked credentials and more.

Full documentation on this integration and detailed installation steps can be found in the Install Guide.

Support
For further questions or additional assistance during the installation process, please reach out to Recorded Future Support at support@recordedfuture.com.

This content is confidential. Do not distribute or download content in a manner that violates your Recorded Future license agreement. Sharing this content outside of licensed Recorded Future users constitutes a breach of the terms and/or agreement and shall be considered a breach by your organization.