Recorded Future provides real-time threat intelligence about indicators of compromise (IOCs), including malicious IP addresses, domains, and vulnerabilities. It also adds context on threat actors and campaigns to help security teams understand which signals represent real risk and prioritize their responses accordingly.

Datadog supports threat intelligence through capabilities such as Bring Your Own Threat Intelligence (BYOTI) and built-in threat feeds. The Recorded Future integration, our first threat intelligence integration, builds upon this foundation by delivering threat intelligence in Datadog without the overhead of managing custom feeds. It automatically enriches security logs with context such as risk scores and threat associations, enabling faster triage and more confident responses to threats.

In this post, we’ll cover how the integration helps you:

- Continuously enrich logs with Recorded Future threat intelligence feeds
- Capture Recorded Future Classic Alerts and Playbook Alerts in Datadog
- Correlate threat intelligence with Datadog Cloud SIEM signals
- Get started quickly with the Recorded Future Content Pack

Continuously enrich logs with Recorded Future threat intelligence feeds