
Recorded Future #2204

Closed
15 tasks
jamiehynds opened this issue Nov 22, 2021 · 4 comments · Fixed by #2757

Comments

@jamiehynds

Description

The Recorded Future Intelligence Platform delivers an end-to-end view of threats across the enterprise, from attacker to midpoint to target. It includes a unique combination of feeds, open source intelligence, dark web and human-generated intelligence, and proprietary technical sources -- all delivered on a centralized platform and integrated directly into dozens of third-party security solutions.

This integration will replace our current RF integration.

Architecture

Our current integration does not follow RF best practice for data ingestion. Their preferred approach is to ingest a CSV file periodically (which can be up to 700 MB). Based on initial research, our current ingest pipeline may be reused as part of this integration.

Integration release checklist

This checklist is intended for integrations maintainers to ensure consistency
when creating or updating a Package, Module or Dataset for an Integration.

All changes

  • Change follows the contributing guidelines
  • Supported versions of the monitoring target are documented
  • Supported operating systems are documented (if applicable)
  • Integration or System tests exist
  • Documentation exists
  • Fields follow ECS and naming conventions
  • At least a manual test with ES / Kibana / Agent has been performed.
  • Required Kibana version set to:

New Package

  • Screenshot of the "Add Integration" page on Fleet added

Dashboards changes

  • Dashboards exist
  • Screenshots added or updated
  • Datastream filters added to visualizations

Log dataset changes

  • Pipeline tests exist (if applicable)
  • Generated output for at least 1 log file exists
  • Sample event (sample_event.json) exists
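
The issue says the vendor's preferred ingest method is a periodic CSV pull that can reach several hundred megabytes, and the checklist requires ECS-compliant fields. The block below is an added example written for this page, not code from the issue, from Recorded Future, or from the elastic/integrations repository: it streams such a CSV row by row (so the whole file never sits in memory), validates each indicator, and emits ECS `threat.indicator` documents. The column names (`Name`, `Risk`, `RiskString`, `EvidenceDetails`), the risk-to-confidence thresholds and the `recordedfuture.*` custom namespace are assumptions made for the example; the sample rows are constructed.

```python
"""Stream a large threat-intelligence CSV and emit ECS threat.indicator documents.

Added example for this issue; not the integration's own pipeline. Column names,
the risk-to-confidence thresholds and the custom field namespace are assumptions.
"""
import csv
import io
import ipaddress
import json
import re
from typing import Dict, Iterable, Iterator, List, Optional, Tuple

# Constructed sample rows. The header is an ASSUMPTION used only to make the example runnable.
SAMPLE_CSV = (
    "Name,Risk,RiskString,EvidenceDetails\n"
    '198.51.100.23,89,3/59,"[{""Name"":""recentCncServer"",""Criticality"":4}]"\n'
    '2001:db8::1,35,1/59,"[{""Name"":""historicalScanner"",""Criticality"":1}]"\n'
    'example.invalid,65,2/43,"[{""Name"":""recentMalwareSite"",""Criticality"":3}]"\n'
    'not an indicator,10,0/59,"[]"\n'
    "malformed-row-without-enough-fields\n"
)

_DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I
)


def indicator_type(value: str) -> Optional[str]:
    """Return the ECS threat.indicator.type for a raw value, or None if it is not one we accept."""
    try:
        return "ipv4-addr" if ipaddress.ip_address(value).version == 4 else "ipv6-addr"
    except ValueError:
        pass
    return "domain-name" if _DOMAIN_RE.match(value) else None


def risk_to_confidence(risk: int) -> str:
    """Map a 0-100 risk score onto ECS confidence values (thresholds are an assumption)."""
    if risk >= 65:
        return "High"
    if risk >= 25:
        return "Medium"
    return "Low"


def row_to_ecs(row: Dict[str, Optional[str]]) -> Optional[dict]:
    """Convert one CSV row to an ECS document; return None for rows that must be skipped."""
    name = (row.get("Name") or "").strip()
    itype = indicator_type(name)
    if itype is None:
        return None  # unrecognised or malformed value: do not index garbage
    try:
        risk = int(row.get("Risk") or "")
    except ValueError:
        return None  # short row: DictReader fills missing columns with None
    try:
        evidence = json.loads(row.get("EvidenceDetails") or "[]")
    except json.JSONDecodeError:
        evidence = []
    rules = [e.get("Name", "") for e in evidence if isinstance(e, dict)]
    indicator = {
        "type": itype,
        "provider": "Recorded Future",
        "confidence": risk_to_confidence(risk),
        "description": ", ".join(r for r in rules if r) or "no evidence details",
    }
    if itype == "domain-name":
        indicator["url"] = {"domain": name}
    else:
        indicator["ip"] = name
    return {
        "event": {"kind": "enrichment", "category": ["threat"], "type": ["indicator"]},
        "threat": {"indicator": indicator},
        # Vendor-specific values kept outside ECS under an assumed custom namespace.
        "recordedfuture": {"risk": risk, "risk_string": row.get("RiskString"), "evidence": evidence},
    }


def iter_ecs_documents(lines: Iterable[str]) -> Iterator[dict]:
    """Yield ECS documents one row at a time. csv.DictReader consumes the file object
    line by line, so a multi-hundred-megabyte export never has to sit in memory."""
    for row in csv.DictReader(lines):
        doc = row_to_ecs(row)
        if doc is not None:
            yield doc


def ingest_csv_text(text: str) -> Tuple[List[dict], int]:
    """Parse CSV text fully (tests/small inputs); return (documents, skipped_row_count)."""
    docs: List[dict] = []
    skipped = 0
    for row in csv.DictReader(io.StringIO(text)):
        doc = row_to_ecs(row)
        if doc is None:
            skipped += 1
        else:
            docs.append(doc)
    return docs, skipped


if __name__ == "__main__":
    # Stand-alone demo on the constructed sample; for a real export use
    # `with open(path, newline="") as fh: for doc in iter_ecs_documents(fh): ...`
    docs, skipped = ingest_csv_text(SAMPLE_CSV)
    for doc in docs:
        print(json.dumps(doc))
    print(f"indexed {len(docs)} indicators, skipped {skipped} rows")
```

Two points matter operationally: rows whose value is neither an IP address nor a syntactically valid domain are dropped rather than indexed, so a corrupted or truncated download cannot poison the indicator index, and the generator form lets a caller batch documents into `_bulk` requests while the file is still being read.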

@elasticmachine

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

@jamiehynds
Author

@adriansr are we still on track to update the RF integration in 8.1 to support their supported ingest method? (for when you're back from PTO!)

@MarkSettleES

@adriansr and @jamiehynds, will 8.1 introduce an integration for threat intelligence from Recorded Future?

@jamiehynds
Author

@MarkSettleES that's what we're aiming for, but it's not locked in yet, so I'd hold off on including it in launch materials for the time being. We have a meeting with RF next week and should have a clearer picture of where things stand within the next 2 weeks or so.
