Recorded Future (Preview)

The Recorded Future connector enables access to Recorded Future intelligence. It has dedicated actions for pulling Recorded Future indicators (IP, Domain, URL, Hash) and associated context (Risk Score, Risk Rules, Intelligence Card Link and Related Entities), Vulnerabilities, and Recorded Future Alerts, and it enables access to the Recorded Future SOAR API and Fusion Files.

This connector is available in the following products and regions:

Service Class Regions
Logic Apps Standard All Logic Apps regions except the following:
     -   Azure Government regions
     -   Azure China regions
Power Automate Premium All Power Automate regions except the following:
     -   US Government (GCC)
     -   US Government (GCC High)
     -   China Cloud operated by 21Vianet
Power Apps Premium All Power Apps regions except the following:
     -   US Government (GCC)
     -   US Government (GCC High)
     -   China Cloud operated by 21Vianet
Contact
Name Recorded Future Support
URL https://support.recordedfuture.com
Email support@recordedfuture.com
Connector Metadata
Publisher Recorded Future
Website https://www.recordedfuture.com
Privacy Policy https://www.recordedfuture.com/privacy-policy/
Categories AI;Data

The Recorded Future integration allows real-time security intelligence to be integrated into popular Microsoft services like Sentinel, Defender ATP, and others. This empowers our clients to maximize their existing security investments, ensuring they have real-time intelligence to secure their cloud environments and reduce risk to the organization. The Recorded Future connector for Microsoft Azure enables access to dedicated actions for pulling Recorded Future indicators (IP, Domain, URL, Hash, Vulnerabilities), associated context (Risk Score, Risk Rules, Intelligence Card Link and Related Entities), and Recorded Future alerts.

Prerequisites

To enable the Recorded Future for Microsoft Azure integration, users must be provisioned a Recorded Future API token. Please reach out to your account manager to obtain the necessary API token.

How to get credentials

Before using the Recorded Future integration for Microsoft Azure, users must obtain the API token the integration requires, either from their account manager or from within the Recorded Future portal.

  1. Log in to the Recorded Future Portal (https://app.recordedfuture.com). Click on the menu in the upper right and choose “User Settings”.

  2. On the User Settings menu, choose the “API Access” section and click the “Generate New API Token” link.

  3. Provide a name for your token, select a “Description” of “Microsoft Azure”, and then click the “Create” button. Save the API token that is generated, since you will configure it within the Microsoft Azure connector for the integration.

Known issues and limitations

N/A

Creating a connection

To connect your account, you will need the following information:

Name Type Description
API Key securestring

The API Key for this API

Throttling Limits

Name Calls Renewal Period
API calls per connection 100 60 seconds

Actions

Domain Enrichment

Domain Enrichment with Recorded Future data

Domain Extension Enrichment

Domain Enrichment with Recorded Future Extension Partner data

Hash Enrichment

Hash Enrichment with Recorded Future data

Hash Extension Enrichment

Hash Enrichment with Recorded Future Extension Partner data

IP Enrichment

IP Enrichment with Recorded Future data

IP Extension Enrichment

IP Enrichment with Recorded Future Extension Partner data

Lookup Alert Notification

Lookup Alert Notification

Recorded Future RiskLists and SCF Download

Recorded Future RiskList & Security Control Feeds Download

Search Alert Notifications

Search Alert Notifications

Search Alert Rules

Search Recorded Future UI Alert Rules

SOAR API - Look up multiple entities

SOAR API - Look up multiple entities (Specific Access is Required)

URL Enrichment

URL Enrichment with Recorded Future data

URL Extension Enrichment

URL Enrichment with Recorded Future Extension Partner data

Vulnerability Enrichment

Vulnerability Enrichment with Recorded Future data

Vulnerability Extension Enrichment

Vulnerability Enrichment with Recorded Future Extension Partner data

Domain Enrichment

Domain Enrichment with Recorded Future data

Parameters

Name Key Required Type Description
Domain input
domain True string

The domain to look up. Must be a single domain

Returns

Name Path Type Description
intelCard
data.intelCard string

Recorded Future Intelligence Card Link

criticalityLabel
data.risk.criticalityLabel string

Recorded Future Indicator Criticality Level

score
data.risk.score integer

Recorded Future Indicator Risk Score

evidenceDetails
data.risk.evidenceDetails array of object

evidenceDetails

evidenceString
data.risk.evidenceDetails.evidenceString string

Recorded Future Risk Rules Evidence Details

rule
data.risk.evidenceDetails.rule string

Recorded Future Indicator Risk Rules

riskSummary
data.risk.riskSummary string

Recorded Future Risk Rules Summary

Domain Extension Enrichment

Domain Enrichment with Recorded Future Extension Partner data

Parameters

Name Key Required Type Description
Domain input
domain True string

The domain to look up. Must be a single domain

Extension to call
extension True string

Extension to call

Returns

Hash Enrichment

Hash Enrichment with Recorded Future data

Parameters

Name Key Required Type Description
HASH input
hash True string

The HASH to look up. Must be a single HASH

Returns

Name Path Type Description
intelCard
data.intelCard string

Recorded Future Intelligence Card Link

criticalityLabel
data.risk.criticalityLabel string

Recorded Future Indicator Criticality Level

score
data.risk.score integer

Recorded Future Indicator Risk Score

evidenceDetails
data.risk.evidenceDetails array of object

evidenceDetails

evidenceString
data.risk.evidenceDetails.evidenceString string

Recorded Future Risk Rules Evidence Details

rule
data.risk.evidenceDetails.rule string

Recorded Future Indicator Risk Rules

riskSummary
data.risk.riskSummary string

Recorded Future Risk Rules Summary

Hash Extension Enrichment

Hash Enrichment with Recorded Future Extension Partner data

Parameters

Name Key Required Type Description
HASH input
hash True string

The HASH to look up. Must be a single HASH

Extension to call
extension True string

Extension to call

Returns

IP Enrichment

IP Enrichment with Recorded Future data

Parameters

Name Key Required Type Description
IP input
ip True string

The IP address to look up. Must be a single IP address

Returns

Name Path Type Description
intelCard
data.intelCard string

Recorded Future Intelligence Card Link

criticalityLabel
data.risk.criticalityLabel string

Recorded Future Indicator Criticality Level

score
data.risk.score integer

Recorded Future Indicator Risk Score

evidenceDetails
data.risk.evidenceDetails array of object

evidenceDetails

evidenceString
data.risk.evidenceDetails.evidenceString string

Recorded Future Risk Rules Evidence Details

rule
data.risk.evidenceDetails.rule string

Recorded Future Indicator Risk Rules

a
data.risk.riskSummary string

Recorded Future Risk Rules Summary

IP Extension Enrichment

IP Enrichment with Recorded Future Extension Partner data

Parameters

Name Key Required Type Description
Input IP
ip True string

The IP address to look up. Must be a single IP address

Extension to call
extension True string

Extension to call

Returns

Lookup Alert Notification

Lookup Alert Notification

Parameters

Name Key Required Type Description
Alert Notification ID
id True string

Alert Notification ID

Returns

Recorded Future RiskLists and SCF Download

Recorded Future RiskList & Security Control Feeds Download

Parameters

Name Key Required Type Description
Path to file
path True string

Path to file

Returns

Search Alert Notifications

Search Alert Notifications

Parameters

Name Key Required Type Description
Triggered
triggered string

All Elasticsearch compatible date formats are valid.

Alert Rule ID
alertRule True string

Alert Rule ID

Maximum number of records
limit integer

Maximum number of records

Records from offset
from integer

Records from offset

Returns

response
string

Search Alert Rules

Search Recorded Future UI Alert Rules

Parameters

Name Key Required Type Description
Freetext search
freetext string

Freetext search for Alert Rule Name

Maximum number of records
limit integer

Maximum number of records

Returns

Name Path Type Description
results
data.results array of object

results

Alert Rule Title
data.results.title string

title

Alert Rule ID
data.results.id string

id

Returned Number of Alert Rules
counts.returned integer

returned

Total Number of Alert Rules
counts.total integer

total

SOAR API - Look up multiple entities

SOAR API - Look up multiple entities (Specific Access is Required)

Parameters

Name Key Required Type Description
IP
ip string

An IP or array of IPs: array[string]

URL
url string

A URL or array of URLs: array[string]

Domain
domain string

A domain or array of domains: array[string]

HASH
hash string

A hash or array of hashes: array[string]

Vulnerability
vulnerability string

A vulnerability ID or an array of vulnerability IDs: array[string]

Returns

response
string

URL Enrichment

URL Enrichment with Recorded Future data

Parameters

Name Key Required Type Description
URL input
url True string

The URL to look up. Must be a single URL

Returns

Name Path Type Description
criticalityLabel
data.risk.criticalityLabel string

Recorded Future Indicator Criticality Level

score
data.risk.score integer

Recorded Future Indicator Risk Score

evidenceDetails
data.risk.evidenceDetails array of object

evidenceDetails

evidenceString
data.risk.evidenceDetails.evidenceString string

Recorded Future Risk Rules Evidence Details

rule
data.risk.evidenceDetails.rule string

Recorded Future Indicator Risk Rules

riskSummary
data.risk.riskSummary string

Recorded Future Risk Rules Summary

URL Extension Enrichment

URL Enrichment with Recorded Future Extension Partner data

Parameters

Name Key Required Type Description
URL input
url True string

The URL to look up. Must be a single URL

Extension to call
extension True string

Extension to call

Returns

Vulnerability Enrichment

Vulnerability Enrichment with Recorded Future data

Parameters

Name Key Required Type Description
Vulnerability ID (CVE, name) input
id True string

The Vulnerability ID (CVE, name) to look up. Must be a single Vulnerability ID (CVE, name)

Returns

Name Path Type Description
intelCard
data.intelCard string

Recorded Future Intelligence Card Link

criticalityLabel
data.risk.criticalityLabel string

Recorded Future Vulnerability Criticality Level

score
data.risk.score integer

Recorded Future Vulnerability Risk Score

evidenceDetails
data.risk.evidenceDetails array of object

evidenceDetails

evidenceString
data.risk.evidenceDetails.evidenceString string

Recorded Future Risk Rules Evidence Details

rule
data.risk.evidenceDetails.rule string

Recorded Future Vulnerability Risk Rules

riskSummary
data.risk.riskSummary string

Recorded Future Risk Rules Summary
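
The enrichment actions above (Domain, Hash, IP, URL and Vulnerability) document the same return paths under data.risk, and URL Enrichment lists no data.intelCard. The following added example (not Recorded Future's or Microsoft's code) flattens such a response into a triage record a playbook can branch on; the sample responses, the threshold of 65 and the function name triage are assumptions made for illustration.

```python
import json

# Constructed sample responses that follow the documented return paths.
# All values (scores, labels, rule names, link) are invented for illustration.
DOMAIN_RESPONSE = json.loads("""
{"data": {"intelCard": "https://example.invalid/intel-card",
          "risk": {"criticalityLabel": "Malicious", "score": 78,
                   "riskSummary": "Constructed summary",
                   "evidenceDetails": [
                     {"rule": "Constructed Rule A", "evidenceString": "Constructed evidence A"},
                     {"rule": "Constructed Rule B", "evidenceString": "Constructed evidence B"}]}}}
""")
# URL Enrichment documents no data.intelCard, so its absence must be tolerated.
URL_RESPONSE = {"data": {"risk": {"criticalityLabel": "Unusual", "score": 12,
                                  "riskSummary": "Constructed summary",
                                  "evidenceDetails": []}}}

ESCALATE_AT = 65  # assumed local policy threshold, not a value from the connector docs


def triage(indicator, response, escalate_at=ESCALATE_AT):
    """Flatten one enrichment response into a record a playbook can branch on."""
    data = response.get("data") or {}
    risk = data.get("risk") or {}
    score = risk.get("score")
    record = {
        "indicator": indicator,
        "score": None,
        "action": "review",  # default: fail closed to manual review, never to "benign"
        "label": risk.get("criticalityLabel"),
        "summary": risk.get("riskSummary"),
        "rules": [e["rule"] for e in risk.get("evidenceDetails") or [] if e.get("rule")],
        "intel_card": data.get("intelCard"),  # None when the action returns no link
    }
    # data.risk.score is documented as an integer; anything else stays in "review".
    if isinstance(score, int) and not isinstance(score, bool):
        record["score"] = score
        record["action"] = "escalate" if score >= escalate_at else "log"
    return record


if __name__ == "__main__":
    for name, resp in [("example.com", DOMAIN_RESPONSE),
                       ("http://example.com/a", URL_RESPONSE),
                       ("192.0.2.1", {"data": {}})]:
        print(triage(name, resp))
```

A response with no usable score is routed to manual review rather than treated as low risk, so an API error or an empty body does not silently clear an indicator.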

Vulnerability Extension Enrichment

Vulnerability Enrichment with Recorded Future Extension Partner data

Parameters

Name Key Required Type Description
Vulnerability ID (CVE, name) input
id True string

The Vulnerability ID (CVE, name) to look up. Must be a single Vulnerability ID (CVE, name)

Extension to call
extension True string

Extension to call

Returns

Definitions

string

This is the basic data type 'string'.