The Recorded Future Action Bundle submits any supported object types from a Data Collection to the Recorded Future API. Recorded Future returns a risk score and associated rule for each Indicator of Compromise, if found.

The integration provides the following actions:

• Recorded Future - retrieves the risk score of an IP address, domain or URL, hash, vulnerability as well as the rules and values of the provided IP address, domain, URL, hash, vulnerability which tells how critical the object is.
• Recorded Future Vulnerabilities - retrieves the rules and values of the provided IP address, domain, URL, hash, vulnerability which tells how critical the object is.

The action is compatible with the following object types:

• Indicators
  • MD5
  • SHA-1
  • SHA-256
  • SHA-512
  • IP Address
  • Domain
  • CVE
  • URL
  • Vulnerabilities

The action returns the following enriched data:

• Indicators
  • Indicator Attributes
  • Indicator Tags
• Vulnerabilities

Note:  This action is intended for use with ThreatQ TDR Orchestrator (TQO). An active TQO license is required for this feature.