Evidence details JSON returned from Recorded Future
Recorded Future Feed
- Details
- Content
- Dependencies
- Version History
Ingests indicators from Recorded Future feeds into Demisto.
Indicator Fields
| Name | Description |
|---|---|
Recorded Future Evidence Details | |
Recorded Future Risk Score | Recorded Future Risk Score |
Integrations
| Name | Description |
|---|---|
| Recorded Future RiskList Feed | Ingests indicators from Recorded Future feeds into Demisto. |
Indicator Fields
| Name | Description |
|---|---|
Recorded Future Risk Score | Recorded Future Risk Score |
Recorded Future Evidence Details | Evidence details JSON returned from Recorded Future |
Integrations
| Name | Description |
|---|---|
| Recorded Future RiskList Feed | Ingests indicators from Recorded Future feeds into Demisto. |
Required Content Packs (1)
| Pack Name | Pack By |
|---|---|
| Base | By: Cortex XSOAR |
Optional Content Packs (1)
| Pack Name | Pack By |
|---|---|
| Common Types | By: Cortex XSOAR |
All level dependencies (1)
| Pack Name | Pack By |
|---|---|
| Base | By: Cortex XSOAR |
1.1.3 - 1202417 (July 23, 2024)
- 35360
Download
Indicator Fields
New: Recorded Future Risk Score
New: (Available from Cortex XSOAR 6.10.0).
Integrations
Recorded Future RiskList Feed
- Added the Remove rawJSON from indicators parameter to improve the feed performance by removing the rawJSON.
- Updated the Docker image to: demisto/python3:3.11.9.103066.
- 35360
Download
1.1.0 - 798475 (February 1, 2024)
- 32445
- 32688
Download
Integrations
Recorded Future RiskList Feed
Breaking Changes The default range for Recorded Future Risk Scores mapped to a Suspicious Verdict has been changed. The previous range was risk scores 5-64 (inclusive). The new range will be risk scores 25-64 (inclusive). Indicators greater than 64 will still be given a Malicious verdict, and indicators less than 25 will now be set to an Unknown verdict. The IOC Threshold, Suspicious Threshold, and Malicious Threshold can all be adjusted in the integration settings.
- Added a suspicious_threshold parameter that allows users to change the range of risk scores that set a Suspicious verdict. Indicators with a risk score between the IOC Risk Score threshold and the Suspicious Threshold will be given an unknown verdict.
- Updated the Docker image to: demisto/python3:3.10.13.86272.
- 32445
- 32688
Download
1.0.31 - 6992191 (November 26, 2023)
- 31015
Download
Integrations
Recorded Future RiskList Feed
- Updated the integration description to include a notice advising users against fetching 100,000 or more indicators per instance.
- Updated the default Indicator Expiration Method to Indicator Type instead of When removed from the feed to minimize the risk of indicators expiring.
- Updated the Docker image to: demisto/python3:3.10.13.80593.
- 31015
Download
PUBLISHER
PLATFORMS
Cortex XSOARCortex XSIAM
INFO
| Certification | Certified | Read more |
| Supported By | Cortex | |
| Created | July 5, 2020 | |
| Last Release | November 11, 2024 |
WORKS WITH THE FOLLOWING INTEGRATIONS:
