Recorded Future Intelligence for Microsoft Sentinel
Instructions on how to install and use the Recorded Future Solution for Microsoft Sentinel, or how to install individual playbooks, can be found in the main readme.md in the Playbook subdirectory of this repository.
Recorded Future also provides standalone Playbooks in this repository for Entra ID (identity) and Defender for Endpoint.
Recorded Future Intelligence Solution
Recorded Future Defender Integrations
Recorded Future for Identity
About Recorded Future
Recorded Future is the world's largest provider of intelligence for enterprise security. By seamlessly combining automated data collection, pervasive analytics, and expert human analysis, Recorded Future delivers timely, accurate, and actionable intelligence.
Benefits of Recorded Future integrations
- Detect indicators of compromise (IOCs) in your environment.
- Triage alerts faster with elite, real-time intelligence.
- Respond quickly with transparency and context around internal telemetry data.
- Maximize your investment in Microsoft Sentinel.
Learn more about Recorded Future for Microsoft Sentinel
Start a 30-day free trial of Recorded Future for Microsoft Sentinel from here!
Key Features
Recorded Future for Microsoft Sentinel offers a range of intelligence capabilities; the key features include:
IOC Detection (Detect)
The TI-IndicatorImport playbooks pull risk lists from Recorded Future and write the contained indicators to the Microsoft Sentinel ThreatIntelligenceIndicator table via the RecordedFuture-ThreatIntelligenceImport playbook.
Microsoft Sentinel analytic rules correlate those threat intelligence indicators with the logs ingested into Microsoft Sentinel and create alerts/incidents for any matches found.
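The correlation step above, shown as an added KQL example rather than one of the solution's own shipped analytic rules: it takes the active, unexpired IP indicators from the ThreatIntelligenceIndicator table and joins them against destination IPs in CommonSecurityLog. The `Description has "Recorded Future"` filter is an assumption about how imported indicators are labelled; the look-back windows are placeholders to tune for your ingestion volume.

```kusto
// Added example, not part of the Recorded Future solution or its analytic rules.
// Assumption: indicators written by the RecordedFuture-ThreatIntelligenceImport
// playbook carry "Recorded Future" in Description; adjust the filter if yours differ.
let dt_lookBack = 1h;     // how far back to scan the log table on each run
let ioc_lookBack = 14d;   // how far back to collect indicators
let rf_ip_indicators = ThreatIntelligenceIndicator
    | where TimeGenerated >= ago(ioc_lookBack)
    | where Description has "Recorded Future"            // assumed source filter
    | where ExpirationDateTime > now() and Active == true // drop expired/retired IOCs
    // keep only the most recent version of each indicator
    | summarize LatestIndicatorTime = arg_max(TimeGenerated, *) by IndicatorId
    | where isnotempty(NetworkIP) or isnotempty(NetworkDestinationIP)
    | extend TI_ipEntity = iff(isnotempty(NetworkIP), NetworkIP, NetworkDestinationIP);
rf_ip_indicators
| join kind=innerunique (
    CommonSecurityLog
    | where TimeGenerated >= ago(dt_lookBack)
    | where isnotempty(DestinationIP)
    | extend CSL_TimeGenerated = TimeGenerated
) on $left.TI_ipEntity == $right.DestinationIP
// only count traffic seen after the indicator was published
| where CSL_TimeGenerated >= LatestIndicatorTime
| project CSL_TimeGenerated, TI_ipEntity, ConfidenceScore, Description, ThreatType,
          DeviceVendor, DeviceProduct, SourceIP, DestinationIP, DestinationPort, Activity
// entity mapping columns for a scheduled analytic rule
| extend timestamp = CSL_TimeGenerated, IPCustomEntity = TI_ipEntity
```

Run it in Logs first to confirm the indicator filter returns rows, then save it as a scheduled analytic rule with the IP entity mapped to `IPCustomEntity`; the `innerunique` join keeps one indicator row per distinct key so a single IOC does not fan out into duplicate alerts.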
IOC Enrichment (Respond)
Automation rules trigger on each incident and enrich it with Recorded Future intelligence.
Malware Sandbox Analysis (Sandbox)
Uploads and detonates samples in Recorded Future's Malware Analysis Sandbox. The sandbox provides safe and immediate behavioral analysis, helping contextualize key artifacts in an investigation and leading to faster triage.
Import Alerts (SOC Efficiency)
Import Recorded Future Alerts and Playbook Alerts from the Recorded Future Portal into Microsoft Sentinel to increase their visibility and availability.
Recorded Future Automated Threat Hunt (Threat Hunt)
Threat hunting is the proactive and iterative process of searching for and detecting cyber threats that have evaded traditional security measures, such as firewalls, antivirus software, and intrusion detection systems. It involves using a combination of manual and automated techniques to identify and investigate potential security breaches and intrusions within an organization's network.
More about Threat Hunt (requires Recorded Future login)
Recorded Future Risk Lists
Risk Lists are curated lists that contain Indicators of Compromise (IOCs), such as IP addresses, domains, file hashes, or URLs associated with malicious activity. These lists are generated based on a wide array of Recorded Future intelligence sources, including open web, dark web, and other technical sources.
- Manage Risk Lists
- About Risk Lists (requires Recorded Future login)
- Risk List Download Recommendations (requires Recorded Future login)
Automatic Threat Hunt
- More about Automated threat hunt (requires Recorded Future login)
- ThreatHunting