The Recorded Future Connector enables access to Recorded Future Intelligence. The connector has dedicated actions for pulling Recorded Future indicators (IP, Domain, URL, Hash) and their associated context (Risk Score, Risk Rules, Intelligence Card Link and Related Entities), Vulnerabilities and Recorded Future Alerts, and enables access to the Recorded Future SOAR API and Fusion Files.
Status: Preview
Tier: Premium
Version: 1.0
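
| Name | Summary |
|---|---|
| IP_E (string ip, [internal]string fields) | IP Enrichment |
| IP_E_E (string ip, string extension) | IP Extension Enrichment |
| R_List_D (string path) | Recorded Future RiskLists and SCF Download |
| D_E (string domain, [internal]string fields) | Domain Enrichment |
| D_E_E (string domain, string extension) | Domain Extension Enrichment |
| U_E (string url, [internal]string fields) | URL Enrichment |
| U_E_E (string url, string extension) | URL Extension Enrichment |
| H_E (string hash, [internal]string fields) | Hash Enrichment |
| H_E_E (string hash, string extension) | Hash Extension Enrichment |
| Vuln_E (string id, [internal]string fields) | Vulnerability Enrichment |
| Vuln_E_E (string id, string extension) | Vulnerability Extension Enrichment |
| Alert_Rules_Search ([advanced][Optional]string freetext, [advanced][Optional]integer limit) | Search Alert Rules |
| Alert_Not_Search ([advanced][Optional]string triggered, string alertRule, [advanced][Optional]integer limit, [advanced][Optional]integer from) | Search Alert Notifications |
| Alert_Not_Lookup (string id) | Lookup Alert Notification |
| Soar_Bulk_Lookup ([Optional]Soar_Bulk_LookupParameterBody body) | SOAR API - Look up multiple entities |
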
Summary: IP Enrichment
Description: IP Enrichment with Recorded Future data
Syntax:
RecordedFuture.IP_E (string ip, [internal]string fields)
Parameters:

| Name | Type | Summary | Required | Related Action |
|---|---|---|---|---|
| ip | string (IP input) | The IP address to look up. Must be a single IP address | True | |
| fields | string | | True | |

Returns:
Type: IP_EResponse

Summary: IP Extension Enrichment
Description: IP Enrichment with Recorded Future Extension Partner data
Syntax:
RecordedFuture.IP_E_E (string ip, string extension)
Parameters:

| Name | Type | Summary | Required | Related Action |
|---|---|---|---|---|
| ip | string (Input IP) | The IP address to look up. Must be a single IP address | True | |
| extension | string (Extension to call) Values: [Censys, GreyNoiseIntelligence, SentinelOne, alienvault, cisco_umbrella, deepsight_extension, domaintools_iris, dragos, dt, facebookte, farsight, isight, multirbl, nucleon, panw, phishme, reversinglabs, riskiq, servicenow_poc, shodan, virustotal, xforce] | Extension to call | True | |

Returns:
Type: IP_E_EResponse

Summary: Recorded Future RiskLists and SCF Download
Description: Recorded Future RiskList & Security Control Feeds Download
Syntax:
RecordedFuture.R_List_D (string path)
Parameters:

| Name | Type | Summary | Required | Related Action |
|---|---|---|---|---|
| path | string (Path to file) Values: [/public/MicrosoftAzure/ip_default.json, /public/MicrosoftAzure/ip_gt_90.json, /public/MicrosoftAzure/ip_active_c2.json, /public/MicrosoftAzure/ip_current_c2.json, /public/MicrosoftAzure/ip_botnet.json, /public/MicrosoftAzure/ip_insikt.json, /public/MicrosoftAzure/ip_phishing.json, /public/MicrosoftAzure/domain_default.json, /public/MicrosoftAzure/domain_gt_90.json, /public/MicrosoftAzure/domain_c2_dns.json, /public/MicrosoftAzure/domain_ransomware_payment.json, /public/MicrosoftAzure/domain_recent_weaponized.json, /public/MicrosoftAzure/domain_insikt.json, /public/MicrosoftAzure/domain_covid_lure.json, /public/MicrosoftAzure/domain_phishing.json, /public/MicrosoftAzure/url_gt_90.json, /public/MicrosoftAzure/url_c2.json, /public/MicrosoftAzure/url_ransomware_distribution.json, /public/MicrosoftAzure/url_compromised.json, /public/MicrosoftAzure/url_insikt.json, /public/MicrosoftAzure/url_malware_verdict.json, /public/MicrosoftAzure/hash_targeting_vulns.json, /public/MicrosoftAzure/hash_observed_testing.json, /public/MicrosoftAzure/hash_malware_ssl.json, /public/MicrosoftAzure/vuln_default.json, /public/MicrosoftAzure/vuln_gt_90.json, /public/MicrosoftAzure/vuln_recent_active_malware.json, /public/MicrosoftAzure/vuln_recent_exploit_kit.json, /public/MicrosoftAzure/vuln_recent_ransomware.json, /public/MicrosoftAzure/vuln_recent_rat.json, /public/MicrosoftAzure/vuln_recent_poc_remote.json, /public/MicrosoftAzure/vuln_recent_exploit_dev_itw.json, /public/MicrosoftAzure/vuln_exploited_itw_malware.json, /public/MicrosoftAzure/vuln_critical_cyber_signal.json, /public/prevent/c2_communicating_ips.json, /public/prevent/weaponized_domains.json, /public/prevent/weaponized_urls.json] | Path to file | True | |

Returns:
Type: R_List_DResponse

Summary: Domain Enrichment
Description: Domain Enrichment with Recorded Future data
Syntax:
RecordedFuture.D_E (string domain, [internal]string fields)
Parameters:

| Name | Type | Summary | Required | Related Action |
|---|---|---|---|---|
| domain | string (Domain input) | The domain to look up. Must be a single domain | True | |
| fields | string | | True | |

Returns:
Type: D_EResponse

Summary: Domain Extension Enrichment
Description: Domain Enrichment with Recorded Future Extension Partner data
Syntax:
RecordedFuture.D_E_E (string domain, string extension)
Parameters:

| Name | Type | Summary | Required | Related Action |
|---|---|---|---|---|
| domain | string (Domain input) | The domain to look up. Must be a single domain | True | |
| extension | string (Extension to call) Values: [Censys, alienvault, cisco_umbrella, deepsight_extension, domaintools_iris, dragos, dt, facebookte, farsight, isight, phishme, report_website, reversinglabs, riskiq, servicenow_poc, shodan, virustotal, xforce] | Extension to call | True | |

Returns:
Type: D_E_EResponse

Summary: URL Enrichment
Description: URL Enrichment with Recorded Future data
Syntax:
RecordedFuture.U_E (string url, [internal]string fields)
Parameters:

| Name | Type | Summary | Required | Related Action |
|---|---|---|---|---|
| url | string (URL input) | The URL to look up. Must be a single URL | True | |
| fields | string | | True | |

Returns:
Type: U_EResponse

Summary: URL Extension Enrichment
Description: URL Enrichment with Recorded Future Extension Partner data
Syntax:
RecordedFuture.U_E_E (string url, string extension)
Parameters:

| Name | Type | Summary | Required | Related Action |
|---|---|---|---|---|
| url | string (URL input) | The URL to look up. Must be a single URL | True | |
| extension | string (Extension to call) Values: [alienvault, deepsight_extension, facebookte, phishme, report_website, servicenow_poc, shodan] | Extension to call | True | |

Returns:
Type: U_E_EResponse

Summary: Hash Enrichment
Description: Hash Enrichment with Recorded Future data
Syntax:
RecordedFuture.H_E (string hash, [internal]string fields)
Parameters:

| Name | Type | Summary | Required | Related Action |
|---|---|---|---|---|
| hash | string (HASH input) | The HASH to look up. Must be a single HASH | True | |
| fields | string | | True | |

Returns:
Type: H_EResponse

Summary: Hash Extension Enrichment
Description: Hash Enrichment with Recorded Future Extension Partner data
Syntax:
RecordedFuture.H_E_E (string hash, string extension)
Parameters:

| Name | Type | Summary | Required | Related Action |
|---|---|---|---|---|
| hash | string (HASH input) | The HASH to look up. Must be a single HASH | True | |
| extension | string (Extension to call) Values: [Censys, SentinelOne, active_reversinglabs, alienvault, cisco_umbrella, deepsight_extension, dragos, facebookte, pan_autofocus, phishme, reversinglabs, servicenow_poc, virustotal, xforce] | Extension to call | True | |

Returns:
Type: H_E_EResponse

Summary: Vulnerability Enrichment
Description: Vulnerability Enrichment with Recorded Future data
Syntax:
RecordedFuture.Vuln_E (string id, [internal]string fields)
Parameters:

| Name | Type | Summary | Required | Related Action |
|---|---|---|---|---|
| id | string (Vulnerability ID (CVE, name) input) | The Vulnerability ID (CVE, name) to look up. Must be a single Vulnerability ID (CVE, name) | True | |
| fields | string | | True | |

Returns:
Type: Vuln_EResponse

Summary: Vulnerability Extension Enrichment
Description: Vulnerability Enrichment with Recorded Future Extension Partner data
Syntax:
RecordedFuture.Vuln_E_E (string id, string extension)
Parameters:

| Name | Type | Summary | Required | Related Action |
|---|---|---|---|---|
| id | string (Vulnerability ID (CVE, name) input) | The Vulnerability ID (CVE, name) to look up. Must be a single Vulnerability ID (CVE, name) | True | |
| extension | string (Extension to call) Values: [RBS, alienvault, bit_sight, facebookte, reversinglabs, shodan, xforce] | Extension to call | True | |

Returns:
Type: Vuln_E_EResponse

Summary: Search Alert Rules
Description: Search Recorded Future UI Alert Rules
Syntax:
RecordedFuture.Alert_Rules_Search ([advanced][Optional]string freetext, [advanced][Optional]integer limit)
Parameters:

| Name | Type | Summary | Required | Related Action |
|---|---|---|---|---|
| freetext | string (Freetext search) | Freetext search for Alert Rule Name | False | |
| limit | integer (Maximum number of records) | Maximum number of records | False | |

Returns:
Type: Alert_Rules_SearchResponse

Summary: Search Alert Notifications
Description: Search Alert Notifications
Syntax:
RecordedFuture.Alert_Not_Search ([advanced][Optional]string triggered, string alertRule, [advanced][Optional]integer limit, [advanced][Optional]integer from)
Parameters:

| Name | Type | Summary | Required | Related Action |
|---|---|---|---|---|
| triggered | string (Triggered) | All Elasticsearch compatible date formats are valid. | False | |
| alertRule | string (Alert Rule ID) | Alert Rule ID | True | |
| limit | integer (Maximum number of records) | Maximum number of records | False | |
| from | integer (Records from offset) | Records from offset | False | |

Returns:
Type: string

Summary: Lookup Alert Notification
Description: Lookup Alert Notification
Syntax:
RecordedFuture.Alert_Not_Lookup (string id)
Parameters:

| Name | Type | Summary | Required | Related Action |
|---|---|---|---|---|
| id | string (Alert Notification ID) | Alert Notification ID | True | |

Returns:

Summary: SOAR API - Look up multiple entities
Description: SOAR API - Look up multiple entities (Specific Access is Required)
Syntax:
RecordedFuture.Soar_Bulk_Lookup ([Optional]Soar_Bulk_LookupParameterBody body)
Parameters:

| Name | Type | Summary | Required | Related Action |
|---|---|---|---|---|
| body | | | False | |

Returns:
Type: string

Summary:
Description:
Properties:

| Name | Type | Summary |
|---|---|---|

Summary:
Description:
Properties:

| Name | Type | Summary |
|---|---|---|
| data | | data |
| counts | | counts |

Summary:
Description: data
Properties:

| Name | Type | Summary |
|---|---|---|
| results | array of (ResultsItem) | results |

Summary:
Description:
Properties:

| Name | Type | Summary |
|---|---|---|
| title | string | title |
| id | string | id |

Summary:
Description: counts
Properties:

| Name | Type | Summary |
|---|---|---|
| returned | integer(int32) | returned |
| total | integer(int32) | total |

Summary:
Description:
Properties:

| Name | Type | Summary |
|---|---|---|
| data | | data |

Summary:
Description: data
Properties:

| Name | Type | Summary |
|---|---|---|
| intelCard | string | Recorded Future Intelligence Card Link |
| risk | | risk |

Summary:
Description: risk
Properties:

| Name | Type | Summary |
|---|---|---|
| criticalityLabel | string | Recorded Future Indicator Criticality Level |
| score | integer(int32) | Recorded Future Indicator Risk Score |
| evidenceDetails | array of (EvidenceDetailsItem) | evidenceDetails |
| riskString | string | riskString |
| rules | integer(int32) | rules |
| criticality | integer(int32) | criticality |
| riskSummary | string | Recorded Future Risk Rules Summary |

Summary:
Description:
Properties:

| Name | Type | Summary |
|---|---|---|
| mitigationString | string | mitigationString |
| timestamp | string | timestamp |
| criticalityLabel | string | criticalityLabel |
| evidenceString | string | Recorded Future Risk Rules Evidence Details |
| rule | string | Recorded Future Indicator Risk Rules |
| criticality | integer(int32) | criticality |

Summary:
Description:
Properties:

| Name | Type | Summary |
|---|---|---|

Summary:
Description:
Properties:

| Name | Type | Summary |
|---|---|---|
| data | | data |

Summary:
Description: data
Properties:

| Name | Type | Summary |
|---|---|---|
| intelCard | string | Recorded Future Intelligence Card Link |
| risk | | risk |

Summary:
Description: risk
Properties:

| Name | Type | Summary |
|---|---|---|
| criticalityLabel | string | Recorded Future Indicator Criticality Level |
| score | integer(int32) | Recorded Future Indicator Risk Score |
| evidenceDetails | array of (EvidenceDetailsItem) | evidenceDetails |
| riskString | string | riskString |
| rules | integer(int32) | rules |
| criticality | integer(int32) | criticality |
| riskSummary | string | Recorded Future Risk Rules Summary |

Summary:
Description:
Properties:

| Name | Type | Summary |
|---|---|---|
| mitigationString | string | mitigationString |
| timestamp | string | timestamp |
| criticalityLabel | string | criticalityLabel |
| evidenceString | string | Recorded Future Risk Rules Evidence Details |
| rule | string | Recorded Future Indicator Risk Rules |
| criticality | integer(int32) | criticality |

Summary:
Description:
Properties:

| Name | Type | Summary |
|---|---|---|

Summary:
Description:
Properties:

| Name | Type | Summary |
|---|---|---|
| data | | data |

Summary:
Description: data
Properties:

| Name | Type | Summary |
|---|---|---|
| intelCard | string | Recorded Future Intelligence Card Link |
| risk | | risk |

Summary:
Description: risk
Properties:

| Name | Type | Summary |
|---|---|---|
| criticalityLabel | string | Recorded Future Indicator Criticality Level |
| score | integer(int32) | Recorded Future Indicator Risk Score |
| evidenceDetails | array of (EvidenceDetailsItem) | evidenceDetails |
| riskString | string | riskString |
| rules | integer(int32) | rules |
| criticality | integer(int32) | criticality |
| riskSummary | string | Recorded Future Risk Rules Summary |

Summary:
Description:
Properties:

| Name | Type | Summary |
|---|---|---|
| mitigationString | string | mitigationString |
| timestamp | string | timestamp |
| criticalityLabel | string | criticalityLabel |
| evidenceString | string | Recorded Future Risk Rules Evidence Details |
| rule | string | Recorded Future Indicator Risk Rules |
| criticality | integer(int32) | criticality |

Summary:
Description:
Properties:

| Name | Type | Summary |
|---|---|---|

Summary:
Description:
Properties:

| Name | Type | Summary |
|---|---|---|

Summary:
Description:
Properties:

| Name | Type | Summary |
|---|---|---|
| ip | array of (string) | ip |
| url | array of (string) | url |
| domain | array of (string) | domain |
| hash | array of (string) | hash |
| vulnerability | array of (string) | vulnerability |

Summary:
Description:
Properties:

| Name | Type | Summary |
|---|---|---|
| data | | data |

Summary:
Description: data
Properties:

| Name | Type | Summary |
|---|---|---|
| risk | | risk |

Summary:
Description: risk
Properties:

| Name | Type | Summary |
|---|---|---|
| criticalityLabel | string | Recorded Future Indicator Criticality Level |
| score | integer(int32) | Recorded Future Indicator Risk Score |
| evidenceDetails | array of (EvidenceDetailsItem) | evidenceDetails |
| riskString | string | riskString |
| rules | integer(int32) | rules |
| criticality | integer(int32) | criticality |
| riskSummary | string | Recorded Future Risk Rules Summary |

Summary:
Description:
Properties:

| Name | Type | Summary |
|---|---|---|
| mitigationString | string | mitigationString |
| timestamp | string | timestamp |
| criticalityLabel | string | criticalityLabel |
| evidenceString | string | Recorded Future Risk Rules Evidence Details |
| rule | string | Recorded Future Indicator Risk Rules |
| criticality | integer(int32) | criticality |

Summary:
Description:
Properties:

| Name | Type | Summary |
|---|---|---|

Summary:
Description:
Properties:

| Name | Type | Summary |
|---|---|---|
| data | | data |

Summary:
Description: data
Properties:

| Name | Type | Summary |
|---|---|---|
| intelCard | string | Recorded Future Intelligence Card Link |
| risk | | risk |

Summary:
Description: risk
Properties:

| Name | Type | Summary |
|---|---|---|
| criticalityLabel | string | Recorded Future Vulnerability Criticality Level |
| score | integer(int32) | Recorded Future Vulnerability Risk Score |
| evidenceDetails | array of (EvidenceDetailsItem) | evidenceDetails |
| riskString | string | riskString |
| rules | integer(int32) | rules |
| criticality | integer(int32) | criticality |
| riskSummary | string | Recorded Future Risk Rules Summary |

Summary:
Description:
Properties:

| Name | Type | Summary |
|---|---|---|
| mitigationString | string | mitigationString |
| timestamp | string | timestamp |
| criticalityLabel | string | criticalityLabel |
| evidenceString | string | Recorded Future Risk Rules Evidence Details |
| rule | string | Recorded Future Vulnerability Risk Rules |
| criticality | integer(int32) | criticality |

Summary:
Description:
Properties:

| Name | Type | Summary |
|---|---|---|