website SEOWebsite Traffic
In August 2024, we announced enhancements to our integration of Recorded Future with Google Security Operations. The enhancements were designed to better integrate Recorded Future Threat Intelligence into the Google Security Operations platform.
Now, we’re excited to introduce updates to our integration with Google Security Operations. This means that you’ll have Recorded Future intelligence more comprehensively integrated throughout the end-to-end experience when using your Google Security Operations platform.
We’ve expanded our SOAR updates to more completely track intelligence from Recorded Future and close the feedback loop from Google Security Operations response workflow and capabilities to Recorded Future.
First, we’ve added a Collective Insights® capability. By running the Recorded Future enrichment action with Collective Insights enabled, you can enrich entities and send Collective Insights to Recorded Future. This will happen for any entity that’s enriched, whether you’re manually executing the action or running it within an enrichment playbook.
Second, we’ve added support for playbook alerts. Google Security Operations can now ingest the following playbook alert types: Domain Abuse, Data Leakage on Code Repository, Identity Novel Exposures, Geopolitical – Facility Risk Event, and Vulnerability. Cases are created for new playbook alerts with supporting evidence, and full alert details are ingested into separate panels. Entities within playbook alerts are added to an Entity Highlights panel. And you can track playbook alert updates via a dedicated connector.
Third, we’ve added support for sandboxing URLs and files. They’re sandboxed asynchronously, and the sandbox actions check results from Recorded Future every minute for half an hour. When results become available, cases are automatically updated with sandbox enrichment from Recorded Future.
Finally, Google Security Operations users can now author analyst notes for entities, and the notes can be viewed in the Recorded Future portal.
You can deploy our new integration with Google Security Operations from our GitHub repository.
The new functionality:
With these updates, Recorded Future data supports every part of the intelligence lifecycle in Google Security Operations — and you can customize the way you view and use the data to fit your workflows.
Our work on these integrations is ongoing, so be on the lookout for more enhancements in the coming months.
