Automated Threat Intelligence with Tines & Recorded Future

Recorded Future logo
Sign upBook a demo

Together, Recorded Future and Tines combine threat intelligence with powerful automation enabling your team to work smarter and more efficiently. Recorded Future threat intelligence enriches alerts with actionable context through a Tines automation. By the time an alert reaches your team, it includes in-depth information allowing you to respond to the threat faster and with greater confidence.

Key benefits

Eliminate manual aggregation, correlation & triaging

Gain greater context on reported breaches

Accelerate the time to remediation

Use case examples

Example 1

Add known exploited vulnerabilities to Recorded Future

Gather vulnerabilities from the CISA Known Exploited Vulnerabilities Feed and send the CVEs to the Recorded Future Vulnerability Watchlist.

Example 2

Create Sublime Security rules using Recorded Future threat intel

Use threat intelligence from Recorded Future to create detection rules in Sublime Security Get threat intelligence information from Recorded Future and create detection rules within Sublime Security to alert on new messages that match Recorded Future's threat actor indicators.

Example 3

Enrich a list of CVEs using Recorded Future via a form

Enrich a list of CVEs uploaded as a CSV file via a Tines form. For each CVE in the file, retrieve detailed risk analysis data from Recorded Future. A new CSV containing the enriched CVE data is then generated and sent to the recipient. This Story leverages Recorded Future's Vulnerability Intelligence module.

Created by

Derek Wohlfahrt

Example 4

Analyze phishing emails with Recorded Future

Analyze key aspects of phishing emails, including the sender domain, URL, leaked credentials, and any attachments, using enrichment and analysis from Recorded Future. Receive results via email and add them to your case management system if needed.

Example 5

Fetch rule results from Recorded Future Attack Surface Intelligence & open ServiceNow tickets

This Story automatically fetches results from Recorded Future Attack Surface Intelligence (ASI) module from SecurityTrails Risk Rules. The initial Slack alert will summarize the number of exposed risks by category and provide an option to open ServiceNow tickets. This Story corresponds to Recorded Future's ASI module.

Created by

Rosie Halpin and Aaron Sandow

Example 6

Send an IOC to Recorded Future for Analysis

This Story allows you to send a hash, IP, or domain to Recorded Future and returns a criticality level, summary, score, and link to Recorded Future. This Story corresponds to Recorded Future's SecOps and Threat Intel module.

An illustration of a chain with two rings

Identify IOCs faster and streamline threat response with Tines and Recorded Future