The Recorded Future Sandbox Action integration enables ThreatQ users to seamlessly leverage Recorded Future’s sandboxing capabilities directly within their threat intelligence workflows. By integrating sandbox detonation and analysis into the platform, this action supports automated investigation and enrichment of suspicious indicators.

The Recorded Future Sandbox provides a secure environment for analyzing URLs and related indicators through dynamic detonation and behavioral analysis. It generates detailed reports and indicators of compromise (IOCs), enabling organizations to rapidly identify, investigate, and respond to emerging threats, including zero-day activity.

The integration allows intelligence teams to automatically submit indicators such as URLs, FQDNs, and IP addresses to the Recorded Future Sandbox for detonation. Following analysis, results can be ingested back into ThreatQ using the Recorded Future Sandbox CDF, supporting a continuous and automated threat intelligence workflow.

The integration provides the following action:

• Recorded Future Sandbox - Submit URLs -  submits URL samples to the Recorded Future Sandbox for detonation and analysis.

The integration is compatible with the following indicator types:

• FQDNs
• IP Addresses
• URLs

Note: This action is intended for use with ThreatQ TDR Orchestrator (TQO). An active TQO license is required for this feature.