Recorded Future
Overview
The Recorded Future CDF ingests threat intelligence data from the following feeds published by the Recorded Future vendor:
- Recorded Future Domain Risk List - retrieves information in the form of a CSV list where the first token is risk data and the last token containing the supporting context.
- Recorded Future IP Risk List - retrieves IP Addresses from the provider.
- Recorded Future URL Risk List - retrieves URLS from the provider.
- Recorded Future Vulnerability Risk List - retrieves CVEs from the provider.
- Recorded Future Hash Risk List - retrieves Hashes from the provider.
- Recorded Future Analyst Note - retrieves Reports, Indicators, and Attack Patterns from the provider.
- Recorded Future Alerts - retrieves Alerts from the provider.
- Recorded Future Alerts Details (Supplemental) - retrieves related data for each of the ingested events retrieved from the Alert endpoint.
- Recorded Future Playbook Alerts - retrieves a list of alerts filtered by the values provided in the configuration section.
- Recorded Future - Get Playbook Alerts (Supplemental) - retrieves related data for each of the ingested events retrieved from the Alert endpoint.
- Recorded Future Fusion Files - ingests threat intelligence information from the user selected Fusion feeds.
The integration ingests the following system objects:
- Adversaries
- Assets
- Attack Patterns
- Compromised Account (custom object)
- Entities (custom object)
- Events
- Files
- Identities
- Indicators
- Malware
- Reports
- Vulnerabilities