Details
Content
Dependencies
Version History

Recorded Future App, this pack is previously known as 'RecordedFuture v2'

"Recorded Future Intelligence" Pack Documentation

Integrations

Recorded Future v2

Access Recorded Future data to enrich IPs, domains, URLs, CVEs, Files, and Malwares and assess
threats in regards to a specific context. Use this integration to fetch Recorded Future non-playbook alerts

Available Actions

Reputation actions:
- Gets a reputaion lookup based on Recorded Future's risk assessment for IPs, Domains, Files (hashes), URLs and CVEs
- Using the new Recorded Future SOAR Enrichment API.
- Available actions: ip, domain, url, file(hashes), cve.
Intelligence action
- Fetches full information for the entity.
- Supports IPs, Domains, URLs, Files(hashes), Vulnerabilities(cve), Malwares.
Malware search action
- Search for malware family names curated by Recorded Future
- Look up and enrich malware families with Recorded Future context
Alert actions
- Fetch alerting rules defined at Recorded Future.
- Fetch alert summaries from one or more alerting rules.
- Set alert status in Recorded Future
- Set alert note in Recorded Future
Threat assessment action
- Takes a context, such as phishing or malware and one or more IOC as input.
- Outputs a verdict (true/false) and related evidence (risk rules) for this context.

Relevant Playbooks

All the playbooks are meant to be used as sub-playbooks to get reputation, intelligence or assess the threat level in
regards to a context.

Available Reputation sub-playbooks
- IP
- Domain
- CVE
- File
- URL
- One combined playbook that returns the reputation for all of the above types
Available Intelligence/Enrichment sub-playbooks
- IP
- Domain
- CVE
- File
- URL
Threat assessment sub-playbooks for the following contexts
- Malware
- Phishing
- Command and Control (C2)
- Available template playbooks
- Recorded Future Entity Enrichment
- Recorded Future Sandbox (Hatching)
- Recorded Future Leaked Credentials Alert Handling
- Recorded Future Typosquat Alert Handling
- Recorded Future Vulnerability Alert Handling

Relevant Classifiers

Classifier and Incoming Mapper allows you to classify and map fetched incident onto Recorded Future Incident Types.

Recorded Future - Classifier
Recorded Future - Incoming Mapper

Relevant Incident Types

Recorded Future Alert
Recorded Future Leaked Credential Monitoring
Recorded Future New Critical or Pre NVD Vulnerabilities
Recorded Future Potential Typosquat

Relevant Layouts

Custom layout for Recorded Future incident type

Recorded Future - Playbook Alerts

Fetch & triage Recorded Future Playbook Alerts

Available Actions

recordedfuture-playbook-alerts-details
- View details of a specific Recorded Future playbook alert
- Get Playbook alert details by id
recordedfuture-playbook-alerts-update
- Update the status of one or multiple Playbook alerts
recordedfuture-playbook-alerts-search
- View which Recorded Future playbook alerts are set up in Recorded Future enterprise to be brought into XSOAR
- Search playbook alerts based on filters

Relevant Playbooks

The template playbooks included help you save time and keep your incidents in sync. They also aid with automating repetitive tasks associated with playbook alerts. Template playbooks should be used as launching points to build playbooks for specific use cases supported by Recorded Future. Certain playbook steps in a template playbook need to be configured to function.

Recorded Future Playbook Alert Details
- A default playbook to fetch details of Playbook alert that does not yet have mapping made by Recorded Future
Recorded Future Domain Abuse
- This playbook was developed as a template to handle the ingestion of Recorded Future Domain Abuse playbook alerts.
Recorded Future Vulnerability
- This playbook was developed as a template to handle the ingestion of Recorded Future Cyber Vulnerability playbook alerts.

Relevant Classifiers

Classifier and Incoming Mapper allows you to classify and map fetched incident onto Recorded Future Incident Types.

Recorded Future Playbook Alert Classifier
Recorded Future Playbook Alert Mapper

Relevant Incident Types

Recorded Future Playbook Alert
Recorded Future Domain Abuse
Recorded Future Vulnerability
Recorded Future Code Repo Leakage

Relevant Layouts

Recorded Future Playbook Alert Domain Abuse
Recorded Future Playbook Alert Vulnerability
Recorded Future Alert Layout

Recorded Future - Lists

Search and manage watchlists and lists in Recorded Future

Available Actions

recordedfuture-lists-add-entities
- Add entities to a list, separate entities by commas. "NOTE:" if entity type is specified, only one entity type can be added with each action.
recordedfuture-lists-remove-entities
- Remove entities from a list. Separate entities with commas. "NOTE:" If entity type is specified, only one entity type can be added with each action.
recordedfuture-lists-search
- Search for a Recorded Future list. Returns list entities
recordedfuture-lists-entities
- Fetch entities from given lists. Use search command to find the unique ID of a list.

Dashboards and indicators

Includes a dashboard that details various metrics related to indicators that was generated from Recorded Future data and
incidents that was created from Recorded Future data.

There are two indicator fields added to record which risk rules indicators have triggered as well as whether an
indicator is a malware, c2, or phishing when it has gone through the playbook for threat assessment.

Dashboards

Name	Description
Recorded Future

Layouts

Name	Description
Recorded Future Playbook Alert Layout	Default layout for Recorded Future Playbook Alert Incident type.
RecordedFutureLayout	Deprecated. Custom layout for Recorded Future Incident type.
Recorded Future Incident	Custom layout for Recorded Future Incident type.
Recorded Future Playbook Alert Vulnerability	Custom layout for Recorded Future Vulnerability Incident type.
Recorded Future Playbook Alert Domain Abuse	Custom layout for Recorded Future Domain Abuse Incident type.

Incident Fields

Name	Description
Recorded Future Identified Domain
Recorded Future Alert Entities
Recorded Future Targeted Products
Recorded Future Insikt Notes
Recorded Future AI Insights
Recorded Future Whois Record Data
Recorded Future Targeted Domains
Recorded Future DNS Records
Recorded Future Identified CVE
Recorded Future Risk Rule

Indicator Fields

Name	Description
RecordedFuture Risk rules
RecordedFuture Threat assessment

Incident Types

Name	Description
Recorded Future Leaked Credential Monitoring
Recorded Future New Critical or Pre NVD Vulnerabilities
Recorded Future Vulnerability
Recorded Future Code Repo Leakage
Recorded Future Domain Abuse
Recorded Future Playbook Alert
Recorded Future Potential Typosquat
Recorded Future Alert

Classifiers

Name	Description
Recorded Future Playbook Alert Classifier
Recorded Future Playbook Alert Mapper
Recorded Future - Incoming Mapper
Recorded Future - Classifier

Playbooks

Name	Description
Recorded Future IP Intelligence	IP Address Enrichment using Recorded Future Intelligence
Recorded Future IOC Reputation	Entity Reputation using sub-playbooks
Recorded Future IP Reputation	IP address reputation using Recorded Future SOAR enrichment
Recorded Future Domain Intelligence	Domain enrichment using Recorded Future intelligence
Recorded Future Vulnerability	This playbook was developed as a template to handle the ingestion of Recorded Future Cyber Vulnerability playbook alerts.
Recorded Future URL Reputation	URL reputation using Recorded Future SOAR enrichment
Recorded Future Leaked Credential Alert Handling	Template playbook showing suggested steps to triage leaked credential alerts. Classifier/Mapper are available to ingest Recorded Future Leaked Credential Alerts.
Recorded Future Sandbox	Template playbook utilizing Hatching.io to sandbox a given file and generate an analysis report. Indicators from the given report are then extracted and enriched with Recorded Future data.
Recorded Future Vulnerability Alert Handling	Template playbook showing suggested steps to triage new critical vulnerability alerts. Playbook include New and Critical CVEs. Classifier/Mapper are available to ingest Recorded Future New, Critical or Pre NVD Vulnerability Alerts.
Recorded Future CVE Intelligence	CVE enrichment using Recorded Future intelligence
Recorded Future URL Intelligence	URL Enrichment using Recorded Future intelligence
Recorded Future CVE Reputation	CVE reputation with Recorded Future SOAR enrichment
Recorded Future Playbook Alert Details	A default playbook to fetch details of Playbook alert that does not yet have mapping made by Recorded Future
Recorded Future Entity Enrichment	Template playbook to incorporate Recorded Future enrichment for IPs, Hashes, Domains, URLs into your current workflows. Playbook also shows how to look up available 'Links' data for IOCs.
Recorded Future - Threat Actor Search	Template playbook to initiate an Automated Threat Hunt based on the Threat Map in Recorded Future. The Playbook fetches links related to the Threat Actors part of the Threat Map from Recorded Future and launches a hunt in the SIEM for any detections within the environment.
Recorded Future File Intelligence	File enrichment using Recorded Future intelligence
Recorded Future Domain Abuse	This playbook was developed as a template to handle the ingestion of Recorded Future Domain Abuse playbook alerts.
Recorded Future Typosquat Alert Handling	Template playbook showing suggested steps to triage typo squat alerts. Classifier/Mapper are available to ingest Recorded Future Typo squat Alerts.
Recorded Future List Management	Manage, view, and edit your lists in Recorded Future.
Recorded Future Threat Assessment	Threat Assessment using the Recorded Future SOAR Triage API and the context Phishing.
Recorded Future Domain Reputation	Domain reputation using Recorded Future SOAR enrichment
Recorded Future Detailed Alert example
Recorded Future File Reputation	File reputation using Recorded Future SOAR enrichment

Integrations

Name	Description
Recorded Future v2 (Partner Contribution)	Unique threat intel technology that automatically serves up relevant insights in real time.
Recorded Future - Playbook Alerts (Partner Contribution)	Fetch & triage Recorded Future Playbook Alerts
Recorded Future - Lists (Partner Contribution)	Search and manage watchlists in Recorded Future

Modeling Rules

Name	Description
Recorded Future Modeling Rule

Incident Fields

Name	Description
Recorded Future Identified Domain
Recorded Future Alert Entities
Recorded Future Targeted Products
Recorded Future Insikt Notes
Recorded Future AI Insights
Recorded Future Whois Record Data
Recorded Future Targeted Domains
Recorded Future DNS Records
Recorded Future Identified CVE
Recorded Future Risk Rule

Indicator Fields

Name	Description
RecordedFuture Risk rules
RecordedFuture Threat assessment

Incident Types

Name	Description
Recorded Future Leaked Credential Monitoring
Recorded Future New Critical or Pre NVD Vulnerabilities
Recorded Future Vulnerability
Recorded Future Code Repo Leakage
Recorded Future Domain Abuse
Recorded Future Playbook Alert
Recorded Future Potential Typosquat
Recorded Future Alert

Classifiers

Name	Description
Recorded Future Playbook Alert Classifier
Recorded Future Playbook Alert Mapper
Recorded Future - Incoming Mapper
Recorded Future - Classifier

Playbooks

Name	Description
Recorded Future IP Intelligence	IP Address Enrichment using Recorded Future Intelligence
Recorded Future IOC Reputation	Entity Reputation using sub-playbooks
Recorded Future IP Reputation	IP address reputation using Recorded Future SOAR enrichment
Recorded Future Domain Intelligence	Domain enrichment using Recorded Future intelligence
Recorded Future Vulnerability	This playbook was developed as a template to handle the ingestion of Recorded Future Cyber Vulnerability playbook alerts.
Recorded Future URL Reputation	URL reputation using Recorded Future SOAR enrichment
Recorded Future Leaked Credential Alert Handling	Template playbook showing suggested steps to triage leaked credential alerts. Classifier/Mapper are available to ingest Recorded Future Leaked Credential Alerts.
Recorded Future Sandbox	Template playbook utilizing Hatching.io to sandbox a given file and generate an analysis report. Indicators from the given report are then extracted and enriched with Recorded Future data.
Recorded Future Vulnerability Alert Handling	Template playbook showing suggested steps to triage new critical vulnerability alerts. Playbook include New and Critical CVEs. Classifier/Mapper are available to ingest Recorded Future New, Critical or Pre NVD Vulnerability Alerts.
Recorded Future CVE Intelligence	CVE enrichment using Recorded Future intelligence
Recorded Future URL Intelligence	URL Enrichment using Recorded Future intelligence
Recorded Future CVE Reputation	CVE reputation with Recorded Future SOAR enrichment
Recorded Future Playbook Alert Details	A default playbook to fetch details of Playbook alert that does not yet have mapping made by Recorded Future
Recorded Future Entity Enrichment	Template playbook to incorporate Recorded Future enrichment for IPs, Hashes, Domains, URLs into your current workflows. Playbook also shows how to look up available 'Links' data for IOCs.
Recorded Future - Threat Actor Search	Template playbook to initiate an Automated Threat Hunt based on the Threat Map in Recorded Future. The Playbook fetches links related to the Threat Actors part of the Threat Map from Recorded Future and launches a hunt in the SIEM for any detections within the environment.
Recorded Future File Intelligence	File enrichment using Recorded Future intelligence
Recorded Future Domain Abuse	This playbook was developed as a template to handle the ingestion of Recorded Future Domain Abuse playbook alerts.
Recorded Future Typosquat Alert Handling	Template playbook showing suggested steps to triage typo squat alerts. Classifier/Mapper are available to ingest Recorded Future Typo squat Alerts.
Recorded Future List Management	Manage, view, and edit your lists in Recorded Future.
Recorded Future Threat Assessment	Threat Assessment using the Recorded Future SOAR Triage API and the context Phishing.
Recorded Future Domain Reputation	Domain reputation using Recorded Future SOAR enrichment
Recorded Future Detailed Alert example
Recorded Future File Reputation	File reputation using Recorded Future SOAR enrichment

Integrations

Name	Description
Recorded Future v2 (Partner Contribution)	Unique threat intel technology that automatically serves up relevant insights in real time.
Recorded Future Event Collector (Partner Contribution)	This integration fetches alerts from Recorded Future.
Recorded Future - Playbook Alerts (Partner Contribution)	Fetch & triage Recorded Future Playbook Alerts
Recorded Future - Lists (Partner Contribution)	Search and manage watchlists in Recorded Future

Required Content Packs (9)

Pack Name	Pack By
Base	By: Cortex XSOAR
Censys	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR
Atlassian Jira	By: Cortex XSOAR
Hatching Triage	By: Hatching
Filters And Transformers	By: Cortex XSOAR
Whois	By: Cortex XSOAR
Common Playbooks	By: Cortex XSOAR
URLScan.io	By: urlscan GmbH

Optional Content Packs (3)

Pack Name	Pack By
Common Types	By: Cortex XSOAR
Splunk	By: Cortex XSOAR
IBM QRadar	By: Cortex XSOAR

All level dependencies (12)

Pack Name	Pack By
Hatching Triage	By: Hatching
Base	By: Cortex XSOAR
Filters And Transformers	By: Cortex XSOAR
Rasterize	By: Cortex XSOAR
Cortex REST API	By: Cortex XSOAR
MITRE ATT&CK	By: Cortex XSOAR
Censys	By: Cortex XSOAR
Atlassian Jira	By: Cortex XSOAR
Whois	By: Cortex XSOAR
Common Playbooks	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR
URLScan.io	By: urlscan GmbH

1.7.4 - 6800291 (November 5, 2023)

Integrations

Recorded Future v2

Added support for credentials with backwards compatibility for encrypted parameter
Updated the Docker image to: demisto/python3:3.10.13.78960.

Related pull requests:
- 30603
- 30475

Download

1.7.3 - 6679159 (October 23, 2023)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 30084

Download

1.7.2 - R6592021 (October 13, 2023)

Incident Fields

New: Recorded Future AI Insights

Integrations

Recorded Future v2

Updated the Docker image to: demisto/python3:3.10.13.75921.
Display Recorded Future AI Insights in incident layout
Add Recorded Future AI Insights to alerts and intelligence commands results

Layouts

Recorded Future Incident
Add Recorded Future AI Insights field to incident layout

Mappers

Recorded Future - Incoming Mapper

Create a mapper for Recorded Future AI Insights

Related pull requests:
- 29961
- 29905

Download

1.7.1 - 6389447 (September 21, 2023)

Playbooks

Recorded Future - Threat Actor Search

Modify the detections rules command "on error" handling
Add the inputs into the sub playbooks for Splunk and QRadar

Related pull requests:
- 29690
- 29807

Download

1.7.0 - 6313394 (September 13, 2023)

Integrations

Recorded Future v2

Added the recordedfuture-threat-map command.
Added the recordedfuture-threat-links command.
Added the recordedfuture-detection-rules command.
Added the recordedfuture-collective-insight command.
Added the Recorded Future - Threat Actor Search playbook.

Playbooks

New: Recorded Future - Threat Actor Search

New: Template playbook to initiate an Automated Threat Hunt based on the Threat Map in Recorded Future. The Playbook fetches links related to the Threat Actors part of the Threat Map from Recorded Future and launches a hunt in the SIEM for any detections within the environment.

Related pull requests:
- 29641
- 29025

Download

1.6.10 - 6253250 (September 6, 2023)

Integrations

Recorded Future v2

Updated the Docker image to: demisto/python3:3.10.13.72123.

Recorded Future - Lists

Updated the Docker image to: demisto/python3:3.10.13.72123.

Recorded Future - Playbook Alerts

Updated the Docker image to: demisto/python3:3.10.13.72123.

Related pull requests:
- 29456

Download

1.6.9 - 6133197 (August 23, 2023)

Integrations

Recorded Future - Playbook Alerts

Updated the Docker image to: demisto/python3:3.10.12.68714.

Related pull requests:
- 29157

Download

1.6.8 - 6086488 (August 18, 2023)

Integrations

Recorded Future v2

Updated the Docker image to: demisto/python3:3.10.12.68714.

Recorded Future - Lists

Updated the Docker image to: demisto/python3:3.10.12.68714.

Related pull requests:
- 29052

Download

1.6.7 - 5950262 (August 3, 2023)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 28742

Download

1.6.6 - 5918814 (July 31, 2023)

Integrations

Recorded Future v2

Improved implementation for SSL verification.
Updated the Docker image to: demisto/python3:3.10.12.66339.

Recorded Future - Playbook Alerts

Improved implementation for SSL verification.
Updated the Docker image to: demisto/python3:3.10.12.66339.

Recorded Future - Lists

Improved implementation for SSL verification.

Related pull requests:
- 28624
- 28631

Download

1.6.5 - 5914533 (July 31, 2023)

Integrations

Recorded Future v2

Clean up of the amount of data sent to Recorded Future from the calling context when using Collective Insights: On.
Updated tool tip for Collective Insight setting to reflect what data is sent.

Related pull requests:
- 28579
- 28492

Download

1.6.4 - R5866730 (July 25, 2023)

Integrations

Recorded Future - Lists

Added the recordedfuture-lists-remove-entities command to remove entities from a list.
Added the recordedfuture-lists-entities command to fetch entities from a list.

Playbooks

New: Recorded Future List Management

New: Manage, view, and edit your lists in Recorded Future (Available from Cortex XSOAR 6.5.0).

Related pull requests:
- 28400
- 27761

Download

1.6.3 - 5819201 (July 20, 2023)

Integrations

Recorded Future v2

Updated the Docker image to: demisto/python3:3.10.12.65389.

Recorded Future - Lists

Updated the Docker image to: demisto/python3:3.10.12.65389.

Recorded Future - Playbook Alerts

Updated the Docker image to: demisto/python3:3.10.12.65389.

Related pull requests:
- 28328

Download

1.6.2 - R5801668 (July 18, 2023)

Incident Types

Recorded Future Alert
Removed the default playbook of this incident type.

Related pull requests:
- 27539

Download

1.6.1 - 5598535 (June 23, 2023)

Integrations

Recorded Future v2

Updated the Docker image to: demisto/python3:3.10.12.63474.

Recorded Future - Lists

Updated the Docker image to: demisto/python3:3.10.12.63474.

Recorded Future - Playbook Alerts

Updated the Docker image to: demisto/python3:3.10.12.63474.

Related pull requests:
- 27677
- 27539

Download

1.6.0 - 5470583 (June 7, 2023)

Classifiers

Recorded Future Playbook Alert Classifier

Added Recorded Code Repo Leakage to the Recorded Future Playbook Alert Classifier

Incident Types

New: Recorded Future Code Repo Leakage

Integrations

Recorded Future - Playbook Alerts

Updated the Docker image to: demisto/python3:3.10.11.61265.
Added Code Repo Leakage as option to Playbook Alerts: Fetched Category
Added hinted type code_repo_leakage to category param for recordedfuture-playbookalerts-search command

Recorded Future v2

Updated the Docker image to: demisto/python3:3.10.11.61265.

New: Recorded Future - Lists

Search and manage watchlists in Recorded Future (Available from Cortex XSOAR 6.5.0).
Search command added to search for available lists in Recorded Future
Command to add entities to a list based on id or freetext name/type, to manage Recorded Future lists.

Mappers

Recorded Future Playbook Alert Mapper

Added Recorded Code Repo Leakage to the Recorded Future Playbook Alert Mapper

Related pull requests:
- 26996
- 27281

Download

1.5.4 - 5404881 (May 30, 2023)

Playbooks

Recorded Future CVE Intelligence

Updated the task checking if the RF instance is enabled to check for "Recorded Future v2" instead of "Recorded Future" integration instance

Recorded Future CVE Reputation

Updated the task checking if the RF instance is enabled to check for "Recorded Future v2" instead of "Recorded Future" integration instance

Recorded Future Domain Intelligence

Updated the task checking if the RF instance is enabled to check for "Recorded Future v2" instead of "Recorded Future" integration instance

Recorded Future Domain Reputation

Updated the task checking if the RF instance is enabled to check for "Recorded Future v2" instead of "Recorded Future" integration instance

Recorded Future Entity Enrichment

Updated the task checking if the RF instance is enabled to check for "Recorded Future v2" instead of "Recorded Future" integration instance

Recorded Future File Intelligence

Updated the task checking if the RF instance is enabled to check for "Recorded Future v2" instead of "Recorded Future" integration instance

Recorded Future File Reputation

Updated the task checking if the RF instance is enabled to check for "Recorded Future v2" instead of "Recorded Future" integration instance

Recorded Future IP Intelligence

Updated the task checking if the RF instance is enabled to check for "Recorded Future v2" instead of "Recorded Future" integration instance

Recorded Future IP Reputation

Updated the task checking if the RF instance is enabled to check for "Recorded Future v2" instead of "Recorded Future" integration instance

Recorded Future Threat Assessment

Updated the task checking if the RF instance is enabled to check for "Recorded Future v2" instead of "Recorded Future" integration instance

Recorded Future URL Intelligence

Updated the task checking if the RF instance is enabled to check for "Recorded Future v2" instead of "Recorded Future" integration instance

Recorded Future URL Reputation

Updated the task checking if the RF instance is enabled to check for "Recorded Future v2" instead of "Recorded Future" integration instance

Related pull requests:
- 26589
- 27020

Download

1.5.3 - 5299536 (May 18, 2023)

Integrations

Recorded Future v2

Upgraded the Docker image to: demisto/python3:3.10.11.59070.

Related pull requests:
- 26628
- 27020
- 26589

Download

1.5.2 - 5189071 (May 4, 2023)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 26246

Download

1.5.1 - R5170573 (May 2, 2023)

Layouts

New: Recorded Future Playbook Alert Domain Abuse
This item is no longer supported in XSIAM.
New: Recorded Future Playbook Alert Layout
This item is no longer supported in XSIAM.
New: Recorded Future Playbook Alert Vulnerability
This item is no longer supported in XSIAM.

Related pull requests:
- 25673

Download

1.4.0 - 4856877 (March 20, 2023)

Classifiers

New: Recorded Future Playbook Alert Classifier

Created classifier for Recorded Future Playbook Alerts

Incident Fields

New: Recorded Future DNS Records
New: Recorded Future Identified CVE
New: Recorded Future Identified Domain
New: Recorded Future Insikt Notes
New: Recorded Future Risk Rule
New: Recorded Future Targeted Domains
New: Recorded Future Targeted Products
New: Recorded Future Whois Record Data
Recorded Future Alert Entities

Incident Types

New: Recorded Future Domain Abuse
New: Recorded Future Playbook Alert
New: Recorded Future Vulnerability

Integrations

New: Recorded Future - Playbook Alerts

Fetch & triage Recorded Future Playbook Alerts

Recorded Future v2

Renamed the setting Incident Sharing to Collective Insight Settings and made it a required parameter of Single select dropdown type

Layouts

New: Recorded Future Playbook Alert Domain Abuse
Added new layout for Recorded Future Playbook alerts of type Domain Abuse
New: Recorded Future Playbook Alert Layout
Added new default layout for Recorded Future Playbook Alerts
New: Recorded Future Playbook Alert Vulnerability
Added new layout for Recorded Future Playbook Alerts of type Vulnerability

Mappers

New: Recorded Future Playbook Alert Mapper

Created a new Incomming mapper that maps the data in Recorded Future playbook alerts

Playbooks

New: Recorded Future Domain Abuse

This playbook was developed as a template to handle the ingestion of Recorded Future Domain Abuse playbook alerts.

New: Recorded Future Playbook Alert Details

A default playbook to fetch details of Playbook alert that does not yet have mapping made by Recorded Future

New: Recorded Future Vulnerability

This playbook was developed as a template to handle the ingestion of Recorded Future Cyber Vulnerability playbook alerts.

Related pull requests:
- 25373

Download

1.3.4 - 4797511 (March 12, 2023)

Integrations

Recorded Future v2

Documentation and metadata improvements.

Related pull requests:
- 25184

Download

1.3.3 - 4718798 (March 1, 2023)

Integrations

Recorded Future v2

Updated the Docker image to: demisto/python3:3.10.10.48392.

Related pull requests:
- 24934

Download

1.3.2 - R4646022 (February 19, 2023)

Layouts

RecordedFutureLayout
This item is no longer supported in XSIAM.
Recorded Future Incident
This item is no longer supported in XSIAM.

Related pull requests:
- 24223

Download

1.3.1 - R4372591 (January 11, 2023)

Dashboards

Recorded Future

Improved performance on the type and closeReason widget fields.

Related pull requests:
- 23438

Download

1.3.0 - 4054659 (November 17, 2022)

Classifiers

New: Recorded Future - Classifier

Added the Recorded Future - Classifier which Classifies Recorded Future alerts to respective incidents types.

Incident Fields

Recorded Future Alert Entities

Incident Types

Recorded Future Leaked Credential Monitoring
Recorded Future New Critical or Pre NVD Vulnerabilities
Recorded Future Potential Typosquat

Integrations

Recorded Future v2

Added the recordedfuture-malware-search command.
Added the ability to get intelligence for malware using the entity_type argument and added the ability to fetch
analyst notes using the new argument: fetch_analyst_notes for recordedfuture-intelligence command.
Made the argument fetch_related_entities be optional for recordedfuture-intelligence command. Default value
is "no".
Added the Alert Statuses to include in the fetch integration parameter, which specify alert statuses to include in the fetch. If empty,
the default value of 'no-action' will be used.
Added the Update alert status on fetch integration parameter, which specify whether to update alert status to "pending" after it
have been fetched (only for alerts with "no-action" status).
Added Turn on "Incident Sharing" integration parameter, which allows users to share anonymized correlations from
playbooks with Recorded Future to improve intelligence quality.
Fixed an issue where the integration would repeatedly fetch the same alerts due to incorrectly setting the last fetch
time in last run dict.
Renamed "File Threshold. Minimum risk score from Recorded Future to consider the file malicious." integration parameter to File Threshold.
Renamed "CVE Threshold. Minimum risk score from Recorded Future to consider the CVE malicious." integration parameter to CVE Threshold.
Renamed "IP Threshold. Minimum risk score from RF to consider the IP malicious." integration parameter to IP Threshold.
Renamed "Domain Threshold. Minimum risk score from Recorded Future to consider the domain malicious." integration parameter to Domain Threshold.
Renamed "URL Threshold. Minimum risk score from Recorded Future to consider the URL malicious." integration parameter to URL Threshold.
Renamed "Vulnerability Threshold. Minimum risk score from Recorded Future to consider the vulnerability critical." integration parameter to Vulnerability Threshold.
Renamed "Rule names to fetch alerts by, separated by semicolon. If empty, all alerts will be fetched." integration parameter to Rule names to fetch alerts by.
Renamed "First fetch time ( , e.g., 12 hours, 7 days, 3 months, 1 year)." integration parameter to First fetch time.

Layouts

Recorded Future Incident
RecordedFutureLayout - deprecated. Use Recorded Future Incident instead.

Mappers

New: Recorded Future - Incoming Mapper

Added the Recorded Future - Incoming Mapper which maps incoming Recorded Future alert data to incident fields.

Playbooks

New: Recorded Future Entity Enrichment

Added the Recorded Future Entity Enrichment template playbook which incorporate Recorded Future enrichment for
IPs, Hashes, Domains, URLs into your current workflows. Playbook also shows how to look up available 'Links' data for
IOCs.

New: Recorded Future Sandbox

Added the Recorded Future Sandbox template Playbook which detonate files and URLs, retrieve the sandbox
report and enrich IOCs from malware report with Recorded Future data.

New: Recorded Future Leaked Credential Alert Handling

Added the Recorded Future Leaked Credential Alert Handling template playbook that shows suggested steps to
triage leaked credential alerts. Classifier/Mapper are available to ingest Recorded Future Leaked Credential Alerts.

New: Recorded Future Typosquat Alert Handling

Added the Recorded Future Typosquat Alert Handling template playbook that shows suggested steps to triage typo
squat alerts. Classifier/Mapper are available to ingest Recorded Future Typo squat Alerts.

New: Recorded Future Vulnerability Alert Handling

Added the Recorded Future Vulnerability Alert Handling template playbook that show suggested steps to triage new
critical vulnerability alerts. Playbook include New and Critical CVEs. Classifier/Mapper are available to ingest
Recorded Future New, Critical or Pre NVD Vulnerability Alerts.

Related pull requests:
- 22312
- 22286
- 21906

Download

PUBLISHER

Recorded Future

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Partner
Created	September 23, 2020
Last Release	November 5, 2023

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.

Recorded Future Intelligence

"Recorded Future Intelligence" Pack Documentation

Integrations

Recorded Future v2

Available Actions

Relevant Playbooks

Relevant Classifiers

Relevant Incident Types

Relevant Layouts

Recorded Future - Playbook Alerts

Available Actions

Relevant Playbooks

Relevant Classifiers

Relevant Incident Types

Relevant Layouts

​

Recorded Future - Lists

Available Actions

Dashboards and indicators

Integrations

Recorded Future v2

Incident Fields

Integrations

Recorded Future v2

Layouts

Mappers

Recorded Future - Incoming Mapper

Playbooks

Recorded Future - Threat Actor Search

Integrations

Recorded Future v2

Playbooks

New: Recorded Future - Threat Actor Search

Integrations

Recorded Future v2

Recorded Future - Lists

Recorded Future - Playbook Alerts

Integrations

Recorded Future - Playbook Alerts

Integrations

Recorded Future v2

Recorded Future - Lists

Integrations

Recorded Future v2

Recorded Future - Playbook Alerts

Recorded Future - Lists

Integrations

Recorded Future v2

Integrations

Recorded Future - Lists

Playbooks

New: Recorded Future List Management

Integrations

Recorded Future v2

Recorded Future - Lists

Recorded Future - Playbook Alerts

Incident Types

Integrations

Recorded Future v2

Recorded Future - Lists

Recorded Future - Playbook Alerts

Classifiers

Recorded Future Playbook Alert Classifier

Incident Types

Integrations

Recorded Future - Playbook Alerts

Recorded Future v2

New: Recorded Future - Lists

Mappers

Recorded Future Playbook Alert Mapper

Playbooks

Recorded Future CVE Intelligence

Recorded Future CVE Reputation

Recorded Future Domain Intelligence

Recorded Future Domain Reputation

Recorded Future Entity Enrichment

Recorded Future File Intelligence

Recorded Future File Reputation

Recorded Future IP Intelligence

Recorded Future IP Reputation