Recorded Future Informational Playbook Alert

This rule is part of a beta feature. To learn more, contact Support.
recorded-future

Classification:

attack


Goal

Detect new informational Recorded Future Playbook Alerts.

Strategy

This rule monitors Recorded Future Playbook Alert events with Informational priority. It uses new value detection on @metadata.playbook_alert_id to generate a signal the first time each unique playbook alert is observed at that severity, avoiding duplicate signals when only minor changes are made to a playbook alert.
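The new value logic described above, emulated over constructed events as an added example (not Datadog's or Recorded Future's code). Only `metadata.playbook_alert_id` is a field named by the rule; the `priority` and `ts` field names and the alert ID values are assumptions made for illustration.

```python
# Constructed sample events. "priority" and "ts" are assumed field names;
# the alert IDs are placeholders, not real Recorded Future identifiers.
SAMPLE_EVENTS = [
    {"ts": 1, "priority": "Informational", "metadata": {"playbook_alert_id": "PBA-EXAMPLE-1"}},
    {"ts": 2, "priority": "Informational", "metadata": {"playbook_alert_id": "PBA-EXAMPLE-1"}},  # minor update
    {"ts": 3, "priority": "High", "metadata": {"playbook_alert_id": "PBA-EXAMPLE-2"}},
    {"ts": 4, "priority": "Informational", "metadata": {"playbook_alert_id": "PBA-EXAMPLE-3"}},
    {"ts": 5, "priority": "Informational", "metadata": {}},  # malformed: no alert ID
    {"ts": 6, "priority": "Informational", "metadata": {"playbook_alert_id": "PBA-EXAMPLE-2"}},  # downgraded
    {"ts": 7, "priority": "High", "metadata": {"playbook_alert_id": "PBA-EXAMPLE-1"}},  # escalated
]


def new_value_signals(events, priority="Informational", seen=None):
    """Return one signal per playbook alert ID first observed at `priority`.

    `seen` carries the set of already-learned IDs between calls, so repeated
    evaluation windows do not re-signal on the same alert.
    """
    seen = set() if seen is None else seen
    signals = []
    for event in sorted(events, key=lambda e: e["ts"]):
        if event.get("priority") != priority:
            continue  # event does not match this rule's priority filter
        alert_id = event.get("metadata", {}).get("playbook_alert_id")
        if not alert_id:
            continue  # no value to track, so no signal can be attributed
        if alert_id in seen:
            continue  # later update to an alert already signalled
        seen.add(alert_id)
        signals.append({"playbook_alert_id": alert_id, "first_seen": event["ts"]})
    return signals


if __name__ == "__main__":
    for signal in new_value_signals(SAMPLE_EVENTS):
        print(signal)
```

The escalation at `ts` 7 produces no signal from this rule because the event no longer matches the Informational filter, which is why step 5 of the triage list matters.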

Triage & Response

  1. Review the playbook alert ID {{@metadata.playbook_alert_id}}, and if necessary open the corresponding alert in the Recorded Future portal for full details.
  2. Identify the specific playbook category (for example, identity intelligence, third-party risk, vulnerability intelligence) to understand the nature of the threat.
  3. Determine the affected assets or entities in your organization referenced by the alert.
  4. Escalate to the relevant team (security operations, vulnerability management, vendor risk) based on the playbook type.
  5. Continue to monitor the playbook alert in case the severity increases.