Recorded Future App for Splunk

Overview

Details

See the power of Recorded Future + Splunk for yourself. Go to https://go.recordedfuture.com/splunk-integration-trial for a 30 day free trial of our app!
---
Make fast and informed incident verdicts, expand detection incidents in your network, and use Recorded Future to monitor emerging external threats to your organization.

Recorded Future brings real-time intelligence directly from the widest breadth of open, technical, and dark web sources into Splunk, giving security operations analysts context with full transparency. This integration provides the following services in addition to our indicator risk information and supporting evidence, helping analysts prioritize events and incidents:
- Risk lists for event correlation with customizable correlation dashboards
- Enrichment dashboards with intelligence and context for six types of IOCs
- Additional dashboards, reports, and workflows

The App detects if Splunk ES is installed; if so, additional features are available, including
- Configured RiskLists populate the risk tables of the Threat Intelligence Framework
- Notable events can be enriched with Recorded Future context using Adaptive Response

Installation
To install the Recorded Future App for Splunk:
1. Install the app by uploading a package or from Splunkbase
2. Restart Splunk if prompted
3. When launching the app for the first time, go to the Configuration tab → Setup
4. Enter the API Credential where designated
5. Review Proxy and Logging configuration
6. Configure Risk Lists and/or Alerting Rules on the associated tabs.
7. Click save after entering desired information
8. Each Correlation dashboard must be adapted to select relevant event types for the site. Go to the dashboard, click Edit and then select the Source tab. Near the top of the page there is instruction on how to set this up.
A more detailed installation document, with options specific to Splunk ES and general troubleshooting tips, is available here: https://go.recordedfuture.com/hubfs/splunk-integration-guide.pdf

Release Notes

Version 1.0.17

June 30, 2021

This is the primary Recorded Future integration app for Splunk, and is the successor to both previous integrations [the Recorded Future App for Splunk Enterprise (https://splunkbase.splunk.com/app/2629/) and the Add-on for Splunk ES (https://splunkbase.splunk.com/app/3127/)]. The two older integrations will no longer be developed past their current versions (v5.0.10 and v4.0.4 respectively). Clients transitioning to this app from an older integration will need to do a full clean install.

This app includes functionality found in both of the separate older integrations; Splunk enterprise configuration is available by default, and if Splunk ES is detected, additional configuration options are available.

This is a Patch Release that fixes various issues, see CHANGELOG.md in README for details.

Version 1.0.14

April 26, 2021

1,101

Installs

1,731

Downloads

Share Subscribe

Version

Built by

Recorded Future

Support

Developer Supported

Contact Developer Questions on Splunk Answers Flag as inappropriate

Compatibility

Products: Splunk Enterprise, Splunk Cloud

Splunk Versions: 8.1, 8.0, 7.3, 7.2, 8.2

Platform: Platform Independent

CIM Versions: 4.x

Splunk Versions: 8.2, 8.1, 8.0, 7.3, 7.2

Platform: Platform Independent

CIM Versions: 4.x, 3.x

Licensing

BSD 3-Clause

Category & Contents

Categories: Security, Fraud & Compliance

App Type: App

Subscribe Share

My Account

Support & Services