>

Related

Microsoft and Recorded Future

Remediate Threats with Intelligence

Recorded Future for Microsoft Leverage the power of intelligence to correlate against internal telemetry data to detect risky IOCs, triage alerts faster, and proactively block threats before they impact business.

Why Recorded Future?

Recorded Future helps you to understand adversaries and their intent, what tools they are using, and who they are targeting. The Recorded Future Intelligence Graph:

  • Collects and structures adversary and victim data from text, imagery, and technical sources
  • Uses analytics to discover, analyze, and map associations across billions of entities in real time
  • Includes critical insights from our global team of world-class analysts
  • Delivers insights optimized for both user and technology workflows
  • By integrating Recorded Future with Microsoft, you are able to access this robust intelligence directly in Microsoft Sentinel & Defender for Endpoint to prioritize response to threats and decrease time spent manually researching.

Robust Out-of-the-Box Functionality

Pre Defined Logic Apps

Import Indicators Logic Apps and IOC Enrichment Playbook templates, which are preconfigured to look for IPs Actively Communicating C&C Servers, Domain C&C Abuse, URLs Reported by the Recorded Future research team and general IOC enrichment for IPs, Hashes, Domains and URLs

Analytical Rules

Recorded Future’s integration provides a number of analytic rules to detect malicious indicators in your logs and generate incidents from them. Currently, the integration detects indicators in the following logs: - DNSEvents - SyslogEvents - CommonSecurityLog - AzureActivityEvents

Workbooks

Recorded Future provides two correlation dashboards to visualize and summarize detections of malicious IOCs in your environment, summarized by use case categorization.

Use Cases

Programs

Microsoft Intelligence Security Association (MISA)

Recorded Future is a member of the Microsoft Intelligent Security Association (MISA), an ecosystem of independent software vendors and managed security service providers that have integrated their solutions to better defend against a world of increasing threats.

Microsoft Intelligence Security Association (MISA)

Free Trial

Interested in exploring how you can use Recorded Future’s integration with your Microsoft Sentinel environment to accelerate threat detection and response? Recorded Future now offers a 30-day free trial with Microsoft Sentinel. Sign up today to gain access to:

  • A comprehensive view of your threat landscape with an unprecedented quantity and variety of sources from the open and dark web, as well as exclusive technical sources
  • Real-time risk scores and context on IPs, domains, URLs, hashes, and malware for faster alert triage
  • High-confidence, out-of-the-box risk lists for detection of previously undetected threats