Introduction
Recorded Future for Rapid7 InsightIDR uses Recorded Future's malicious risk lists to detect emerging threats. Recorded Future pushes 4 default Recorded Future risk lists into InsightIDR: IPs, Hashes, Domains and URLs. Each feed lands as a Dynamic Threat Feed inside InsightIDR and is updated once every 24 hours with the latest indicators from Recorded Future.
Currently there are no data customization options for which feeds get pushed into a client’s environment.
When the integration is configured correctly, the client should be able to see indicators populated in their Recorded Future Threat Feed (see Investigations > Configure Threats, then scroll to the ‘Recorded Future Threat Feed’).
Setting Up Recorded Future for InsightIDR
The Recorded Future for InsightIDR integration is set up through Recorded Future support. A support ticket should be submitted via our Integration Support ticket form with the following information:
- Integration Partner Category: Recorded Future Owned Integration
- Premier Integration: Rapid7 InsightIDR
- Select Your Problem: New Installation
- Integration Platform Version: v1.0
- Ticket Description - Please include the following prerequisites:
  - Valid Recorded Future API token
  - Rapid7 Region (usually in the Server URL)
  - Rapid7 API Key (how to generate Rapid7 API Key)
  - Rapid7 Threat Key (how to generate Rapid7 Threat Key)
SLA for client setup will be 12-24 working hours. The client will see Recorded Future data flowing into their Rapid7 InsightIDR platform once the connection has been set up successfully. Currently there are no data customization options for which feeds get pushed into a client’s environment.
Additional Note:
Since InsightIDR is viewed through a web browser, Recorded Future's web browser extension may also be used to get on-demand enrichment of IOCs on the page.