Recorded Future for Google Security Operations

Posted: 28th August 2024
By: Mike DiBella

We are thrilled to announce the latest development in our integration of Recorded Future with Google Security Operations, also known as Security Operations (formerly known as Google Chronicle). This enhancement is designed to elevate your security operations by refining both the SIEM and SOAR components.

The Critical Role of Intelligence in Automation

In today’s rapidly evolving threat landscape, automation is not just beneficial—it’s essential. It streamlines processes, minimizes human error, and accelerates response times. But here’s where it gets even more powerful: when combined with real-time and actionable threat intelligence.

By integrating Recorded Future with Google Security Operations, you’re not just enhancing visibility and enrichment. This integration:

  • Drives greater automation in threat detection and response through intelligence-driven workflows.
  • Enables your security operations teams to manage a higher volume of threats with remarkable efficiency.
  • Addresses critical alerts promptly and accurately, freeing up your analysts to focus on strategic decision-making and complex investigations rather than getting bogged down by repetitive tasks.

Automation empowered by intelligence you trust means that your team can respond to threats faster and more effectively, keeping you ahead in the ever-changing security landscape.

We’re excited about these upcoming improvements and confident they will significantly boost your ability to manage and respond to threats with enhanced efficiency and precision.

Here’s a glimpse of what’s coming up:

September 15th: Google Security Operations SOAR v1.0

  • Collective Insights: Soon, you’ll be able to seamlessly write detections from Google SecOps SOAR into Recorded Future Collective Insights. This means your SecOps Dashboard will be populated with detections created in Security Operations, enriched with Recorded Future intelligence, ready to be leveraged to build your threat landscape around what you are detecting in the wild for swift decision-making.
  • Improved Enrichment: Look forward to comprehensive enrichment data for IPs, Hashes, Domains, URLs, and Vulnerabilities. These insights will empower you to make more informed decisions with greater ease.

Improved Presentation of Recorded Future Intelligence, Supporting Enrichment and Correlation use cases

  • Enhanced Alerts: Recorded Future Alert details will be fully integrated and displayed in Google SecOps SOAR, giving your analysts a more robust tool for triaging and responding to alerts.

View the Recorded Future alert details and their supporting evidence right in Google SecOps SOAR

Related entities contained in the alert are extracted as ‘Entity Highlights’ that can be enriched for further context in Google Security Operations Playbooks

November 2024: Google Security Operations SOAR v1.1

  • Recorded Future Alerts: Full integration of Recorded Future Alerts into Google SecOps SOAR will be available, enhancing analysts’ ability to manage and respond to threats effectively. Recorded Future Alerts cover use cases such as domain abuse, code repository exposure, critical vulnerability, brand mentions on the dark web, leaked credentials and many more.

Q1 2025: Google Security Operations SIEM

Following soon after will be an upgrade to the integration with Google Security Operations SIEM, including support for:

  • Risk Lists + Correlation Rules: We will introduce tailored risk lists for correlation use cases, along with out-of-the-box correlation rules. These additions will help users apply Recorded Future Intelligence to correlation, so they can prioritize and understand detections as they come into the SIEM.

Stay tuned for more updates as we continue to refine this integration to better support your security operations!
