Sdílet prostřednictvím


Recorded Future [DEPRECATED]

Recorded Future Connector enables access to the Recorded Future Intelligence. The connector has dedicated actions for pulling Recorded Future indicators (IP, Domain, URL, Hash) and associated context (Risk Score, Risk Rules, Intelligence Card Link and Related Entities) , Vulnerabilities, Recorded Future Alerts and enables access to Recorded Future SOAR API and Fusion Files

This connector is available in the following products and regions:

Service Class Regions
Logic Apps Standard All Logic Apps regions except the following:
     -   Azure Government regions
     -   Azure China regions
     -   US Department of Defense (DoD)
Power Automate Premium All Power Automate regions except the following:
     -   US Government (GCC)
     -   US Government (GCC High)
     -   China Cloud operated by 21Vianet
     -   US Department of Defense (DoD)
Power Apps Premium All Power Apps regions except the following:
     -   US Government (GCC)
     -   US Government (GCC High)
     -   China Cloud operated by 21Vianet
     -   US Department of Defense (DoD)
Contact
Name Recorded Future Support
URL https://support.recordedfuture.com
Email support@recordedfuture.com
Connector Metadata
Publisher Recorded Future
Website https://www.recordedfuture.com
Privacy Policy https://www.recordedfuture.com/privacy-policy/
Categories AI;Data

The Recorded Future integration allows real-time security intelligence to be integrated into popular Microsoft services like Sentinel, Defender ATP, and others. This empowers our clients to maximize their existing security investments, ensuring they have real-time intelligence to secure their cloud environments and reduce risk to the organization. The Recorded Future connector for Microsoft Azure enables access to dedicated actions for pulling Recorded Future indicators (IP, Domain, URL, Hash, Vulnerabilities), associated context (Risk Score, Risk Rules, Intelligence Card Link and Related Entities), and Recorded Future alerts.

Prerequisites

To enable the Recorded Future for Microsoft Azure integration, users must be provisioned a Recorded Future API token. Please reach to your account manager to obtain the necessary API token.

How to get credentials

Prior to use of the Recorded Future integration for Microsoft Azure, users must provision an API token from their account manager or from within the Recorded Future portal necessary for the integration.

  1. Login to the Recorded Future Portal (https://app.recordedfuture.com). Click on the menu in the upper right and choose “User Settings”.

  2. On the User Settings menu, choose the “API Access” section and click the “Generate New API Token” link.

  3. Provide a name for your token, select a “Description” of “Microsoft Azure”, and then click the “Create” button. Save the API token that is generated, since you will configure it within the Microsoft Azure connector for the integration.

Known issues and limitations

N/A

Creating a connection

The connector supports the following authentication types:

Default Parameters for creating connection. All regions Not shareable

Default

Applicable: All regions

Parameters for creating connection.

This is not shareable connection. If the power app is shared with another user, another user will be prompted to create new connection explicitly.

Name Type Description Required
API Key securestring The API Key for this api True

Throttling Limits

Name Calls Renewal Period
API calls per connection 100 60 seconds

Actions

Domain Enrichment (deprecated) [DEPRECATED]

Domain Enrichment with Recorded Future data (deprecated)

Domain Extension Enrichment (deprecated) [DEPRECATED]

Domain Enrichment with Recorded Future Extension Partner data (deprecated)

Hash Enrichment (deprecated) [DEPRECATED]

Hash Enrichment with Recorded Future data (deprecated)

Hash Extension Enrichment (deprecated) [DEPRECATED]

Hash Enrichment with Recorded Future Extension Partner data (deprecated)

IP Enrichment (deprecated) [DEPRECATED]

IP Enrichment with Recorded Future data (deprecated)

IP Extension Enrichment (deprecated) [DEPRECATED]

IP Enrichment with Recorded Future Extension Partner data (deprecated)

Lookup Alert Notification (deprecated) [DEPRECATED]

Lookup Alert Notification (deprecated)

Recorded Future RiskLists and SCF Download (deprecated) [DEPRECATED]

Recorded Future RiskList & Security Control Feeds Download (deprecated)

Search Alert Notifications (deprecated) [DEPRECATED]

Search Alert Notifications (deprecated)

Search Alert Rules (deprecated) [DEPRECATED]

Search Recorded Future UI Alert Rules (deprecated)

SOAR API - Look up multiple entities (deprecated) [DEPRECATED]

SOAR API - Look up multiple entities (Specific Access is Required) (deprecated)

URL Enrichment (deprecated) [DEPRECATED]

URL Enrichment with Recorded Future data (deprecated)

URL Extension Enrichment (deprecated) [DEPRECATED]

URL Enrichment with Recorded Future Extension Partner data (deprecated)

Vulnerability Enrichment (deprecated) [DEPRECATED]

Vulnerability Enrichment with Recorded Future data (deprecated)

Vulnerability Extension Enrichment (deprecated) [DEPRECATED]

Vulnerability Enrichment with Recorded Future Extension Partner data (deprecated)

Domain Enrichment (deprecated) [DEPRECATED]

Domain Enrichment with Recorded Future data (deprecated)

Parameters

Name Key Required Type Description
Domain input
domain True string

The domain to lookup. Must be a single domain

Returns

Name Path Type Description
intelCard
data.intelCard string

Recorded Future Intelligence Card Link

criticalityLabel
data.risk.criticalityLabel string

Recorded Future Indicator Criticality Level

score
data.risk.score integer

Recorded Future Indicator Risk Score

evidenceDetails
data.risk.evidenceDetails array of object

evidenceDetails

evidenceString
data.risk.evidenceDetails.evidenceString string

Recorded Future Risk Rules Evidence Details

rule
data.risk.evidenceDetails.rule string

Recorded Future Indicator Risk Rules

riskSummary
data.risk.riskSummary string

Recorded Future Risk Rules Summary

Domain Extension Enrichment (deprecated) [DEPRECATED]

Domain Enrichment with Recorded Future Extension Partner data (deprecated)

Parameters

Name Key Required Type Description
Domain input
domain True string

The domain to lookup. Must be a single domain

Extension to call
extension True string

Extension to call

Returns

Hash Enrichment (deprecated) [DEPRECATED]

Hash Enrichment with Recorded Future data (deprecated)

Parameters

Name Key Required Type Description
HASH input
hash True string

The HASH to lookup. Must be a single HASH

Returns

Name Path Type Description
intelCard
data.intelCard string

Recorded Future Intelligence Card Link

criticalityLabel
data.risk.criticalityLabel string

Recorded Future Indicator Criticality Level

score
data.risk.score integer

Recorded Future Indicator Risk Score

evidenceDetails
data.risk.evidenceDetails array of object

evidenceDetails

evidenceString
data.risk.evidenceDetails.evidenceString string

Recorded Future Risk Rules Evidence Details

rule
data.risk.evidenceDetails.rule string

Recorded Future Indicator Risk Rules

riskSummary
data.risk.riskSummary string

Recorded Future Risk Rules Summary

Hash Extension Enrichment (deprecated) [DEPRECATED]

Hash Enrichment with Recorded Future Extension Partner data (deprecated)

Parameters

Name Key Required Type Description
HASH input
hash True string

The HASH to lookup. Must be a single HASH

Extension to call
extension True string

Extension to call

Returns

IP Enrichment (deprecated) [DEPRECATED]

IP Enrichment with Recorded Future data (deprecated)

Parameters

Name Key Required Type Description
IP input
ip True string

The IP address to lookup. Must be a single IP address

Returns

Name Path Type Description
intelCard
data.intelCard string

Recorded Future Intelligence Card Link

criticalityLabel
data.risk.criticalityLabel string

Recorded Future Indicator Criticality Level

score
data.risk.score integer

Recorded Future Indicator Risk Score

evidenceDetails
data.risk.evidenceDetails array of object

evidenceDetails

evidenceString
data.risk.evidenceDetails.evidenceString string

Recorded Future Risk Rules Evidence Details

rule
data.risk.evidenceDetails.rule string

Recorded Future Indicator Risk Rules

a
data.risk.riskSummary string

Recorded Future Risk Rules Summary

IP Extension Enrichment (deprecated) [DEPRECATED]

IP Enrichment with Recorded Future Extension Partner data (deprecated)

Parameters

Name Key Required Type Description
Input IP
ip True string

The IP address to lookup. Must be a single IP address

Extension to call
extension True string

Extension to call

Returns

Lookup Alert Notification (deprecated) [DEPRECATED]

Lookup Alert Notification (deprecated)

Parameters

Name Key Required Type Description
Alert Notification ID
id True string

Alert Notification ID

Returns

Recorded Future RiskLists and SCF Download (deprecated) [DEPRECATED]

Recorded Future RiskList & Security Control Feeds Download (deprecated)

Parameters

Name Key Required Type Description
Path to file
path True string

Path to file

Returns

Search Alert Notifications (deprecated) [DEPRECATED]

Search Alert Notifications (deprecated)

Parameters

Name Key Required Type Description
Triggered
triggered string

All Elasticsearch compatible date formats are valid.

Alert Rule ID
alertRule True string

Alert Rule ID

Maximum number of records
limit integer

Maximum number of records

Records from offset
from integer

Records from offset

Returns

response
string

Search Alert Rules (deprecated) [DEPRECATED]

Search Recorded Future UI Alert Rules (deprecated)

Parameters

Name Key Required Type Description
Freetext search
freetext string

Freetext search for Alert Rule Name

Maximum number of records
limit integer

Maximum number of records

Returns

Name Path Type Description
results
data.results array of object

results

Alert Rule Title
data.results.title string

title

Alert Rule ID
data.results.id string

id

Returned Number of Alert Rules
counts.returned integer

returned

Total Number of Alert Rules
counts.total integer

total

SOAR API - Look up multiple entities (deprecated) [DEPRECATED]

SOAR API - Look up multiple entities (Specific Access is Required) (deprecated)

Parameters

Name Key Required Type Description
ip
ip array of string

ip

url
url array of string

url

domain
domain array of string

domain

hash
hash array of string

hash

vulnerability
vulnerability array of string

vulnerability

Returns

response
string

URL Enrichment (deprecated) [DEPRECATED]

URL Enrichment with Recorded Future data (deprecated)

Parameters

Name Key Required Type Description
URL input
url True string

The URL to lookup. Must be a single URL

Returns

Name Path Type Description
criticalityLabel
data.risk.criticalityLabel string

Recorded Future Indicator Criticality Level

score
data.risk.score integer

Recorded Future Indicator Risk Score

evidenceDetails
data.risk.evidenceDetails array of object

evidenceDetails

evidenceString
data.risk.evidenceDetails.evidenceString string

Recorded Future Risk Rules Evidence Details

rule
data.risk.evidenceDetails.rule string

Recorded Future Indicator Risk Rules

riskSummary
data.risk.riskSummary string

Recorded Future Risk Rules Summary

URL Extension Enrichment (deprecated) [DEPRECATED]

URL Enrichment with Recorded Future Extension Partner data (deprecated)

Parameters

Name Key Required Type Description
URL input
url True string

The URL to lookup. Must be a single URL

Extension to call
extension True string

Extension to call

Returns

Vulnerability Enrichment (deprecated) [DEPRECATED]

Vulnerability Enrichment with Recorded Future data (deprecated)

Parameters

Name Key Required Type Description
Vulnerability ID (CVE, name) input
id True string

The Vulnerability ID (CVE, name) to lookup. Must be a single Vulnerability ID (CVE, name)

Returns

Name Path Type Description
intelCard
data.intelCard string

Recorded Future Intelligence Card Link

criticalityLabel
data.risk.criticalityLabel string

Recorded Future Vulnerability Criticality Level

score
data.risk.score integer

Recorded Future Vulnerability Risk Score

evidenceDetails
data.risk.evidenceDetails array of object

evidenceDetails

evidenceString
data.risk.evidenceDetails.evidenceString string

Recorded Future Risk Rules Evidence Details

rule
data.risk.evidenceDetails.rule string

Recorded Future Vulnerability Risk Rules

riskSummary
data.risk.riskSummary string

Recorded Future Risk Rules Summary

Vulnerability Extension Enrichment (deprecated) [DEPRECATED]

Vulnerability Enrichment with Recorded Future Extension Partner data (deprecated)

Parameters

Name Key Required Type Description
Vulnerability ID (CVE, name) input
id True string

The Vulnerability ID (CVE, name) to lookup. Must be a single Vulnerability ID (CVE, name)

Extension to call
extension True string

Extension to call

Returns

Definitions

string

This is the basic data type 'string'.