Deprecate Recorded Future Fileset #28029
Comments
|
Pinging @elastic/security-external-integrations (Team:Security-External Integrations) |
|
@shimonmodi can you provide the text you want to display for the RF deprecation notice? FYI @adriansr |
|
Something along the lines of "This threat intelligence module is configured to use the search API for RecordedFuture, which does not provide the best analyst experience. We recommend using the RecordedFuture Integration Package (link here) for the most optimal experience." |
|
@jamiehynds is there a plan to update our integration to the RF supported method? |
|
@mbarretta this issue should have been closed. We shipped a new Recorded Future integration based on their recommended approach to ingest their TI data. Here's the PR: elastic/integrations#2757 Are you running into difficulties with the current integration? There's some known issues around our inability to handle IoC expiry, which we're currently working on across all TI integrations. |
norrietaylor
added
the
Team:Security-Service Integrations
|
Pinging @elastic/security-service-integrations (Team:Security-Service Integrations) |
|
Hi! We're labeling this issue as |
As we work through a longer term plan to fully support Recorded Future TI, we need to mark the RF fileset, within the TI module as experimental. Our current approach is not supported by Recorded Future and want to make it clear to our mutual customers that the current integration is not supported and mileage may vary.
Please add the experimental flag to the RF fileset in our docs: https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-module-threatintel.html#recordedfuture
// @shimonmodi @P1llus @adriansr
The text was updated successfully, but these errors were encountered: