Recorded Future Application

The RecordedFuture application enriches the incoming logs with the threat information fetched from Recorded Future. You can use the enriched data in dashboards, reports, and alerts to monitor and track threats.

The application fetches threat information for the following entity types from Recorded Future:

  • IP Address

  • URL

  • Domain

  • Hash

  • Vulnerability

The application summarizes all the fetched and enriched data of the given entities in an Intelligence Card. You can drill forward from the search results to access the Intelligence Card.

Furthermore, the application adds RecordedFuture as a threat intelligence source in the Threat Intelligence application. You can also use the Threat Intelligence process command to further enrich logs with the latest threat information.

Using RecordedFuture in LogPoint

The following steps summarize the flow of using RecordedFuture in LogPoint:

  1. Install the Threat Intelligence application.

  2. Install the RecordedFuture application.

  3. Add RecordedFuture as a threat intelligence source in the Threat Intelligence Management panel or go to Settings >> Configuration >> Recorded Future.

  4. Select the RecordedFuture entity types to fetch the threat information and store it in LogPoint.

  5. Enable the Enable Drill Forward option.

  6. Map LogPoint fields to the RecordedFuture entity types to drill forward from the fields to the Intelligence Card.

  7. Apply an enrichment policy with the Threat Intelligence enrichment source.

  8. From the search results, drill forward and find the Intelligence Card for the mapped fields.

