Threat: With the Recorded Future integration threat analysts can easily see if a domain, IPs, or file hashes are of potential risk to their organization and adjust their internal threat information appropriately.
Threat Hunting: Threat hunters utilize the Recorded Future integration to gain quick insights into threat information on indicators. Enabling quick triage of the indicators analysts are going through to determine if there are any threats before issues occur.
Malware Analysis: Analysts reversing malware or drilling into potential malware in their environment can quickly gain insight into other reports and forums that are discussing the malware file hash and pivot to Recorded Future for further analysis.
In order to use the Polarity - Recorded Future integration, configuration of the integration is required.
API Key - An API key is required in order to use the Recorded Future integration. To locate and or generate a Recorded Future API key, navigate to your account and locate the API Token.
Minimum Score - This option allows analysts to set a minimum score to be notified on indicators within Recorded Future. If an indicator has a risk score of 30 and the minimum score is set to 35 the analyst will not be notified by Polarity on the indicator.
Ignore List or Ignore Regex - Recorded Future Integration enables the ability to set a regex to match domains or ips to be ignored or add in a comma separated list, so the integration will never look them up in Flashpoint. This is typically used for sensitive information or company domains.