The Recorded Future Sandbox CDF enables organizations to automatically ingest sandbox analysis data from Recorded Future Sandbox into ThreatQ. Recorded Future Sandbox provides a secure environment for detonating and analyzing suspicious files and URLs, producing detailed behavioral reports and indicators of compromise that support rapid threat identification and response.

This integration retrieves sample submission analysis reports from the Recorded Future Sandbox API and ingests the resulting intelligence into ThreatQ, including reports, indicators, malware, attack patterns, and associated attributes. By bringing sandbox analysis results into ThreatQ, analysts can correlate detonation findings with existing threat intelligence, enrich investigations, and improve visibility into emerging and evasive threats.

The integration provides the following feed:

• Recorded Future Sandbox Analyses - fetches and ingests sample submission analysis reports from the Recorded Future Sandbox API.

The integration ingests the following system objects:

• Attack Patterns
• Indicators
  • Indicator Attributes
• Malware
• Reports
  • Report Attributes