Show:
SOC
Sales 101
Use Cases
Selling RF
Misc
100
This technology is used to correlate events and produces lots of alerts.
What is a SIEM?
100
This type of question will typically lead to obtaining more information
What is and open ended question?
100
This is what we save Threat Intel Analysts
What is Time
100
These are the two primary benefits of Recorded Future
1) Reduce Risk 2) Save time
100
Fill in the blank... 


Always _____ your SE before a call

What is Speak with or Prepare
200
This question can be asked to better understand what happens to alerts
What's your workflow when you receive an alert?
200
This would be a good response to a customer saying that that they are looking at another TI solution
That makes sense. What are the key use cases you're looking to solve?

or

Why?


200
You might ask this question to know if Analyst on Demand is a good fit
When news breaks about a breach, how does your organization react?


What types of Intel reports do you leverage/ would yo like to leverage?

200
What are our key differentiators
1) Machine Learning/AI 2) Breadth 3) Integrations 4) Analysts 5) Satisfied Customers
200
Prior to starting a POC you should have these in place
1) POC Criteria

2) Purchase timeframe

3) Identified who's paying for it/who is the final authority.

4) Buy Plan

300
This tool is commonly used by incident responders to review host based activity
What is EDR?
300
You could ask this question to better understand who will be the economic buyer.
Who's the executive sponsor on this project?  Who will need to final approve a purchase?
300
You can ask this question to know whether our vulnerability information would be useful.
How do you prioritize your patching?
300
These two use cases pertain to almost every prospect
1) Automation of alerts/SEIM Enrichment

2) Vulnerability Management

300
This would be a good time to bring the channel into an account
at the demo phase
400

This log source is used commonly used to track a domain lookup.

What are DNS logs?
400
This could be a response to a customer saying "Can you please just show me what you do?"
I can, but it's much better if I know a little more about what you're doing today before I show you.


theres a lot we can show you....for you to understand our value it's best if I understand more about your environment.

400
These questions can help you determine if there is an IOC research use case.
What happens today when you receive and IOC?  How much time does it take?
400
This is a great use case for someone who asks about the dark web
Equifax - Explain the use case
400
This is what you should be doing with all your channel reps
Account mapping
500
The following sentence is an example of what?

an alert fires from splunk about a potential bad IP address, it is then researched to see what is known about it, that IP address is shown to be malicious and associated with a bad hash, that hash is then banned.

A typical security workflow that can be automated.
500
This could be a response to the phrase "this is too expensive"
Why do you say that it's too expensive?


Really? Then maybe we could talk about one of our less expensive packages, would you be open to that.

500

This type of project that leverages technology instead of human for analysis within a SOC and is a perfect fit for Recorded Future.

What is Security Orchestration and Automation
500
This is the correct response when a customer asks you if we do typo-squatting
Can you tell me why typo-squatting is important to you? and How this fits in with your overall Threat Intel initiative/goal
500
This should be your top priority in the channel after leaving this meeting.
Work with channel SEs on a POC