The RecordedFuture application enriches incoming logs with threat information fetched from Recorded Future. You can use the enriched data in dashboards, reports, and alerts to monitor and track threats.
The application fetches the threat information of the following entities from Recorded Future:
- IP Address
- URL (Uniform Resource Locator)
- Domain
- Hash
- Vulnerability
The application summarizes all the fetched and enriched data of the given entities in an Intelligence Card. You can drill forward from the search results to access the Intelligence Card.
Furthermore, the application adds Recorded Future as a threat source in the Threat Intelligence application. You can also use the Threat Intelligence process command to further enrich logs with the latest threat information.
The following steps summarize the flow of using Recorded Future in LogPoint:
1. Install the Threat Intelligence application v5.0.0 or later.
2. Install the Recorded Future application v5.0.0 or later.
3. Add Recorded Future as a threat source in the Threat Intelligence Management panel or the RecordedFuture panel.
4. Select the Recorded Future entity types to fetch the threat information and store it in LogPoint.
5. Map LogPoint fields to the Recorded Future entity types so that you can drill forward from the fields to the Intelligence Card.
6. Apply an enrichment policy with the Threat Intelligence enrichment source.
7. From the search results, drill forward and find the Intelligence Card for the mapped fields.