This app is archived.
THIS ADD-ON IS NO LONGER SUPPORTED. SEE https://splunkbase.splunk.com/app/4920/ FOR THE CURRENT RECORDED FUTURE INTEGRATION WITH SPLUNK.

The Recorded Future Add-on for Splunk ES is designed specifically for Splunk Enterprise Security. This Add-on integrates with the Splunk ES Threat Intelligence Framework by adding a formatted feed containing information security threat indicators. With this added feature, defenders can automate the process of finding connections between internal incidents and external sources. This can work bidirectionally: searching Recorded Future for more context around internally observed indicators, or testing trending indicators from open source reporting against internal datasets.

The Add-on also simplifies the workflow of analysts working within the ES environment by adding contextual actions to the Incident Review and event searching and reporting views. This includes information on IPs, domains, file hashes and CVEs.