Am I reading the correct user guide?
Am I reading the correct user guide?
Some connectors on the Vulcan help center offer multiple user guides tailored to different setups and versions.
Click on 'How to connect' on the Connector's setup page to open the right guide for your setup and version, ensuring accuracy and relevance.
Overview
About Recorded Future
Recorded Future Vulnerability Intelligence automatically collects vital vulnerability data from the widest range of open, closed, and technical sources. This wealth of information is analyzed and risk-scored in real-time, enabling security teams to instantly understand which vulnerabilities pose the greatest risk to their organization.
Why Integrate Threat Intelligence tools into the Vulcan Platform?
Read all about the value you gain out of this integration here.
Recorded Future Connector details
Supported products | |
Category | Threat Intelligence |
Integration type | UNI directional (data is transferred from Recorded Future to the Vulcan Platform in one direction) |
Supported version and type | SaaS (latest) |
Connector Setup
Prerequisites and user permissions
Before you begin configuring the connector, make sure you have the following:
Recorded Future API token is required to use the API
Configuring the Recorded Future Connector
Log in to your Vulcan Cyber dashboard and go to Connectors.
Click on Add a Connector.
Click on the Recorded Future icon.
Set up the Connector as follows:
Enter the API Token you generated in Recorded Future
Click the Test Connectivity button to verify that Vulcan Cyber can connect to your Recorded Future instance, then click Create (or Save Changes).
Allow some time for the sync to complete. Then, you can review the sync status under Log.
To confirm the sync is complete, navigate to the Connectors tab to check the sync status. Once the Recorded Future icon shows Connected, the connection is complete.
Recorded Future in the Vulcan Platform
Finding Recorded Future vulnerabilities
Recorded Future is a Threat Intelligence connector that enriches vulnerability data based on their CVE.
Once integrated, the Recorded Future TI data becomes available and attached to the relevant vulnerabilities in the Vulcan Platform.
Go to Vulnerabilities > filter by Threats > Recorded Future Critical / High.
Note: The Vulcan Platform displays recorded future CVEs only with Critical (score above 90) and High (score 65-89) severity levels.
You can focus and narrow your search by selecting more filters.
In the results, you'll see that vulnerabilities have a "Recorded Future" threat tag.
Click on a vulnerability/CVE for more details.
In the Vulnerability details window, you can see all the cyber information gathered on that vulnerability including Affected Assets, Threat Tags, Severity Score, Fixes, and much more. the "Recorded Future" tag will appear next to Attack Vectors.
Go to the Threat Intelligence tab > Expand the attached Recorded Future TI card for more details.
See it in action:
Intelligence Cards provide transparency into the evidence for each risk rule, usually including one or more reporting sources and links back to documents published by these sources.
Each Recorded Future Intelligence Card refers to a single CVE and displays details such as first-seen date, description, last-seen date, risk score, risk summary, Observed risk rules including name, criticality, description, latest website mentioning the CVE, and more.
Known limitations
Currently, the following information from Recorded Future isn't presented in the Vulcan Platform:
NVD Summary
Context
Taking action and automating remediation on vulnerabilities
Large environments quickly become unmanageable if constant manual attention and effort are necessary to remediate vulnerabilities. You can take advantage of the automation capabilities of Vulcan Cyber and the Recorded Future Connector.
Use the Threats condition to create automation based on Threat Tags and Attack Vectors, such as Threat Intelligence tags by Mandiant or Recorded Future.
Click here to learn how to create automation in the Vulcan Cyber Platform.
API
API endpoints in use
API Call |
GET risk list
GET /v2/vulnerability/format=csv%2Fsplunk&list=default |
GET vulnerability Intelligence Cards
|