There is a semantic oncology dynamic relationship between how the MIGR Tech framework needs more data infusion enrichment capabilities. To be clear, what the vendor is doing is of a high standard, and my only critique is that they need to make new enhancements. I am aware that the vendor is making a concerted effort to add additional information to their repository, and it is something they actively do. The vendor has publicly stated that they will work on this, and I always pay attention to make sure they adhere to that. This does not change over time.

The export feature of the recording needs to stop being so restricted. When they record in order to save themselves by operations, I would expect that as a super user, if I asked to download the dataset I'm looking for, I would not be limited in my data downloads. One of the cool things is, let's say we do our entire research and we want to save all of the materials that were returned, and that special custom search that we made, we can export that into a CSV file. The problem is it gets restricted. So sometimes when I say it's restricted, we don't get all the data that we saw online. So then we have to go and manually search for the specific thing we're looking for. I would like to have the URI and whatever value set that I search off, and for the NLP package to not be stripped out. It's like saying I want to do a Pcap analysis. Don't strip out the Pcap when I asked to see Pcap. That's what they're doing. They do this for many different reasons. One of them is, imagine if everyone downloaded datasets that are very large and it brings the whole system down.

We can get the data of different malware active throughout the globe, but it would be good if we can do sandboxing of a file. For example, on Any Run, we can perform sandboxing of malware along with their intel about a particular file or hash. It would be great if they have a feature like that.

The product gives many false positives. If someone talks about the brand or organization name in the public domain over chats or blocks, it gets highlighted. It may not necessarily be a threat but still gets highlighted which increases the false positive count.

The solution could improve in reducing the false positives. However, most of the other tools on the market have false positives. If they enhance their data algorithm, it could improve the accuracy of results and minimize false positives. Identifying patterns of false possibilities can aid in developing better reporting features that could potentially eliminate them in the future. This recording feature tool could benefit from adopting similar techniques utilized by other tools to enhance its functionality. By doing so, it could minimize the need for manual efforts in distinguishing true positives from false positives, ultimately reducing the workload.

In a future release, it would be beneficial if the vendor would add more features to create one full solution that can meet the needs of the whole cybersecurity incident purpose.

I have been using Recorded Future for four months and am still exploring its features. As for improvements, I would suggest enhancing the alert system. For example, when investigating alerts related to my domain "abc.com," I noticed that the system sometimes detects false positives. It detects other words that contain the letters "abc" like "ablex" or "ableg" which can be misleading. It would be helpful if the system could improve its accuracy and only detect alerts that are truly relevant to my domain.

I would recommend adding a feature that can specifically detect my domain name, "abc.com," and not just words containing "abc" or similar letters. It would further reduce false positives and improve the overall accuracy of the system.

At present, my clients need to be trained by me or another organization on how to use Recorded Future and how to get the best out of it as an analyst, engineer, and administrator. It would be better if clients could directly learn these things without having to go through me or other organizations.

I think the user experience could be improved. I'd also like to see an improvement in the visibility of malware and international APT attacks. Those are the two important things for me right now. In any future release, I'd like to see a greatly simplified ability to extract data from their tickets. 

Recorded Future is a very expensive solution, and its pricing could be improved.

When you add one website to Recorded Future, it should automatically call all other websites and social media platforms.

The product is too big. The vast majority of data you have. You can run queries and you can get more data than you probably want, and you have to take a deep dive a lot of the time.

The solution would benefit from introducing automation. When you are running a query just to get the data you're looking for, the result comes back so big, as it will be able to return a lot of results from different sources. Sometimes it could be a bit messy. Automation would help streamline and simplify.

The tool can be pricey, especially for smaller companies.