A tool every SOC should have
Rating: 10 out of 10
Incentivized
Use Cases and Deployment Scope
Recorded Future is being utilized by SOC analysts as threat intel. Since our company offers SOC services to our clients, Recorded Future has been advantageous to us in processing artifacts and identifying possible threats in a short period of time.
Pros
- Gives latest threat reports regarding an artifact (IP, domain or hash).
- Browser extension provides real-time information about an artifact.
- Accurate in identifying malicious domains and IPs.
Cons
- For the browser extension, since the main purpose is to present information with regard to the IP, I think it's best to give us an idea of where the IP originated/some additional information about the organization it belongs to.
Likelihood to Recommend
Recorded Future is mainly beneficial to the SOC. As part of the Monitoring team, Recorded Future makes the investigation of the alarms a lot easier for me. It can show the reputation of the IP/domain or even hashes, which helps me redirect my focus to potentially malicious network activities.