The Recorded Future Action Bundle enables seamless enrichment of ThreatQ objects by leveraging Recorded Future’s intelligence platform. By submitting supported object types from a Data Collection, the bundle retrieves risk scores, rule-based context, and related threat intelligence including indicators, malware, adversaries, and vulnerabilities, enhancing visibility and supporting more informed analysis and decision-making.

The integration provides the following actions:

• Recorded Future - retrieves the risk score of an Ip address, domain or URL, hash, vulnerability.
• Recorded Future Vulnerabilities - retrieves the rules and values of the provided IP address, domain, URL, hash, vulnerability which tells how critical the object is.
• Recorded Future - GeoIP Lookup - retrieves the geographical location and proxy information of the provided IP address.
• Recorded Future - Find Entity Links - resolves a Recorded Future entity and ingests related malware, adversaries.

The actions are compatible with the following object types:

• Adversaries
• Indicators
  • MD5
  • SHA-1
  • SHA-256
  • SHA-512
  • IP Address
  • Domain
  • CVE
  • URL
• Malware
• Vulnerabilities

The action returns the following enriched data:

• Adversaries
• Indicators
  • Indicator Attributes
  • Indicator Tags
• Malware
• Vulnerabilities

Note:  This action is intended for use with ThreatQ TDR Orchestrator (TQO). An active TQO license is required for this feature.