elastic / integrations

Elastic Integrations
https://www.elastic.co/integrations

Recorded Future #2204

Closed jamiehynds closed 2 years ago

jamiehynds commented 2 years ago

Description

The Recorded Future Intelligence Platform delivers an end-to-end view of threats across the enterprise, from attacker to midpoint to target. It includes a unique combination of feeds, open source intelligence, dark web and human-generated intelligence, and proprietary technical sources -- all delivered on a centralized platform and integrated directly into dozens of third-party security solutions.

This integration will replace our current RF integration.

Architecture

Our current integration does not follow RF best practice for data ingestion. Their preferred approach is to ingest a CSV file periodically (which can be up to 700 MB). Based on initial research, our current ingest pipeline may be re-used as part of this integration.

Integration release checklist

This checklist is intended for integrations maintainers to ensure consistency when creating or updating a Package, Module or Dataset for an Integration.

All changes

New Package

Dashboards changes

Log dataset changes

elasticmachine commented 2 years ago

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

jamiehynds commented 2 years ago

@adriansr are we still on track to update the RF integration in 8.1 to support their supported ingest method? (for when you're back from PTO!)

MarkSettleES commented 2 years ago

@adriansr and @jamiehynds, will 8.1 introduce an integration for threat intelligence from Recorded Future?

jamiehynds commented 2 years ago

@MarkSettleES that's what we're aiming for, but it's not locked in yet, so I'd hold off on including it in launch materials for the time being. We have a meeting with RF next week and should have a clearer picture on where things stand within the next 2 weeks or so.