
Recorded Future CDF
Overview
The Recorded Future CDF ingests threat intelligence data from the following feeds published by the Recorded Future vendor:
- Recorded Future Domain Risk List - retrieves information as a CSV list in which the first token is risk data and the last token contains the supporting context.
- Recorded Future IP Risk List - retrieves IP Addresses from the provider.
- Recorded Future URL Risk List - retrieves URLs from the provider.
- Recorded Future Vulnerability Risk List - retrieves CVEs from the provider.
- Recorded Future Hash Risk List - retrieves Hashes from the provider.
- Recorded Future Analyst Note - retrieves Reports, Indicators, and Attack Patterns from the provider.
- Recorded Future Alerts - retrieves Alerts from the provider.
- Recorded Future Alerts Details (Supplemental) - retrieves related data for each of the ingested events retrieved from the Alert endpoint.
- Recorded Future Playbook Alerts - retrieves a list of alerts filtered by the values provided in the configuration section.
- Recorded Future - Get Playbook Alerts (Supplemental) - retrieves related data for each of the ingested events retrieved from the Alert endpoint.
- Recorded Future Fusion Files - ingests threat intelligence information from the user-selected Fusion feeds.
- Recorded Future Detection Rules - ingests Recorded Future detection rules (i.e. YARA, Snort, or Sigma) into ThreatQ as Signatures.
The integration ingests the following system objects:
- Adversaries
- Adversary Tags
- Assets
- Asset Attributes
- Attack Patterns
- Attack Pattern Attributes
- Compromised Account (custom object)
- Entities (custom object)
- Files
- Identities
- Indicators
- Indicator Attributes and Tags
- Malware
- Malware Attributes
- Reports
- Report Attributes
- Signatures
- Signature Attributes
- Vulnerabilities
- Vulnerability Attributes and Tags