Better Together with Splunk and Recorded Future

We recently announced a partnership with Recorded Future, and I want to make sure you know why this collaboration is so exciting.

Sometimes we think we know what we’re getting when we hear a term like “threat intelligence” and assume we know all the things it can do for us. I mean, that’s just a list of IPs and domains to match on my network data, right?

Wrong.

If you’re already utilizing the Recorded Future App for Splunk, you will have seen the incredible progression this app has made over the past year. When I first started working with their team to seamlessly integrate Risk-Based Alerting (RBA) into the app, I was already blown away by the amount of functionality and how intuitively it was designed. Seeing every IOC with individual rules which explain why an IP, domain, URL, vulnerability, or hash generated that overall score warmed my heart. It’s that kind of RBA-esque aggregation and cohesive context that analysts desperately need to make accurate and efficient decisions.

If you don’t know me, I’m the gal who won’t keep quiet about the gospel of Risk-Based Alerting, and this is going to set the bar for Splunk apps integrating RBA going forward. The power of having this curated, context-rich threat intelligence in conjunction with RBA is an exciting combination.

Some other recently developed features:

Recorded Future Enrichment / Threat Hunt Adaptive Response Actions

Enrich fields within your already existing notables, or fire off one-time historical searches to automatically integrate that context into your alerts.

Recorded Future’s SIGMA + YARA Ruleset

If you’ve got the right data, just point the app at your relevant Splunk data and you’re set: over 100 additional detections, with no custom SPL required.

Recorded Future Playbook Alerts

Continuous monitoring of IOCs – including domain registration information, logo detection, and typosquatting – will automatically update your alerts with relevant information.

And in case you’re not familiar with all of its ongoing features, you’ve got a suite of built-in dashboards for reviewing detections of Recorded Future threat intelligence indicators in your environment or for exploring the details and interconnections of individual IOCs.

Please join me and Recorded Future CISO Jason Steer for a webinar on October 24th or get in touch with your Splunk sales representative to see a demo and check out how Recorded Future Cloud Intelligence can level up your security operations today.
