Getting Started - Recorded Future for Rapid7 InsightIDR

Introduction

Recorded Future for Rapid7 InsightIDR uses Recorded Future's malicious risk lists to detect emerging threats. Recorded Future pushes 4 default risk lists into InsightIDR: IPs, Hashes, Domains and URLs. Each feed lands as a Dynamic Threat Feed inside InsightIDR and is updated once every 24 hours with the latest indicators from Recorded Future.

Currently there aren’t data customization options for which feeds get pushed into a client’s environment.

When configured correctly, the client should be able to see indicators populated in their Recorded Future Threat Feed (see Investigations > Configure Threats, then scroll to look for the ‘Recorded Future Threat Feed’).


Setting Up Recorded Future for InsightIDR

The Recorded Future for InsightIDR integration is set up through Recorded Future support. A support ticket should be submitted via our Integration Support ticket form with the following information:

  • Integration Partner Category: Recorded Future Owned Integration
  • Premier Integration: Rapid7 InsightIDR 
  • Select Your Problem: New Installation
  • Integration Platform Version: v1.0 
  • Ticket Description - Please include the following prerequisites:

SLA for client setup will be 12-24 working hours. The client will see Recorded Future data flowing into their Rapid7 InsightIDR platform once the connection has successfully been set up. Currently there aren’t data customization options for which feeds get pushed into a client’s environment.

Additional Note:

Since InsightIDR is viewed through a web browser, Recorded Future's web browser extension may also be used to get on-demand enrichment of IOCs on the page.  
