Recorded Future [DEPRECATED]
The Recorded Future connector enables access to Recorded Future intelligence. The connector has dedicated actions for pulling Recorded Future indicators (IP, Domain, URL, Hash) and associated context (Risk Score, Risk Rules, Intelligence Card Link and Related Entities), Vulnerabilities, and Recorded Future Alerts, and enables access to the Recorded Future SOAR API and Fusion Files.
This connector is available in the following products and regions:
Service | Class | Regions |
---|---|---|
Logic Apps | Standard | All Logic Apps regions except the following: - Azure Government regions - Azure China regions - US Department of Defense (DoD) |
Power Automate | Premium | All Power Automate regions except the following: - US Government (GCC) - US Government (GCC High) - China Cloud operated by 21Vianet - US Department of Defense (DoD) |
Power Apps | Premium | All Power Apps regions except the following: - US Government (GCC) - US Government (GCC High) - China Cloud operated by 21Vianet - US Department of Defense (DoD) |
Contact | |
---|---|
Name | Recorded Future Support |
URL | https://support.recordedfuture.com |
Email | [email protected] |
Connector Metadata | |
---|---|
Publisher | Recorded Future |
Website | https://www.recordedfuture.com |
Privacy Policy | https://www.recordedfuture.com/privacy-policy/ |
Categories | AI;Data |
The Recorded Future integration allows real-time security intelligence to be integrated into popular Microsoft services like Sentinel, Defender ATP, and others. This empowers our clients to maximize their existing security investments, ensuring they have real-time intelligence to secure their cloud environments and reduce risk to the organization. The Recorded Future connector for Microsoft Azure enables access to dedicated actions for pulling Recorded Future indicators (IP, Domain, URL, Hash, Vulnerabilities), associated context (Risk Score, Risk Rules, Intelligence Card Link and Related Entities), and Recorded Future alerts.
Prerequisites
To enable the Recorded Future for Microsoft Azure integration, users must be provisioned a Recorded Future API token. Please reach out to your account manager to obtain the necessary API token.
How to get credentials
Before using the Recorded Future integration for Microsoft Azure, users must obtain the API token required for the integration from their account manager or from within the Recorded Future portal.
Log in to the Recorded Future Portal (https://app.recordedfuture.com). Click on the menu in the upper right and choose “User Settings”.
On the User Settings menu, choose the “API Access” section and click the “Generate New API Token” link.
Provide a name for your token, select a “Description” of “Microsoft Azure”, and then click the “Create” button. Save the API token that is generated, since you will configure it within the Microsoft Azure connector for the integration.
Known issues and limitations
N/A
Creating a connection
The connector supports the following authentication types:
Default | Parameters for creating connection. | All regions | Not shareable |
Default
Applicable: All regions
Parameters for creating connection.
This is not a shareable connection. If the power app is shared with another user, that user will be prompted to create a new connection explicitly.
Name | Type | Description | Required |
---|---|---|---|
API Key | securestring | The API Key for this API | True |
Throttling Limits
Name | Calls | Renewal Period |
---|---|---|
API calls per connection | 100 | 60 seconds |
Actions
Domain Enrichment (deprecated) [DEPRECATED] | Domain Enrichment with Recorded Future data (deprecated) |
Domain Extension Enrichment (deprecated) [DEPRECATED] | Domain Enrichment with Recorded Future Extension Partner data (deprecated) |
Hash Enrichment (deprecated) [DEPRECATED] | Hash Enrichment with Recorded Future data (deprecated) |
Hash Extension Enrichment (deprecated) [DEPRECATED] | Hash Enrichment with Recorded Future Extension Partner data (deprecated) |
IP Enrichment (deprecated) [DEPRECATED] | IP Enrichment with Recorded Future data (deprecated) |
IP Extension Enrichment (deprecated) [DEPRECATED] | IP Enrichment with Recorded Future Extension Partner data (deprecated) |
Lookup Alert Notification (deprecated) [DEPRECATED] | Lookup Alert Notification (deprecated) |
Recorded Future Risk | Recorded Future RiskList & Security Control Feeds Download (deprecated) |
Search Alert Notifications (deprecated) [DEPRECATED] | Search Alert Notifications (deprecated) |
Search Alert Rules (deprecated) [DEPRECATED] | Search Recorded Future UI Alert Rules (deprecated) |
SOAR API - Look up multiple entities (deprecated) [DEPRECATED] | SOAR API - Look up multiple entities (Specific Access is Required) (deprecated) |
URL Enrichment (deprecated) [DEPRECATED] | URL Enrichment with Recorded Future data (deprecated) |
URL Extension Enrichment (deprecated) [DEPRECATED] | URL Enrichment with Recorded Future Extension Partner data (deprecated) |
Vulnerability Enrichment (deprecated) [DEPRECATED] | Vulnerability Enrichment with Recorded Future data (deprecated) |
Vulnerability Extension Enrichment (deprecated) [DEPRECATED] | Vulnerability Enrichment with Recorded Future Extension Partner data (deprecated) |
Domain Enrichment (deprecated) [DEPRECATED]
Domain Enrichment with Recorded Future data (deprecated)
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Domain input | domain | True | string | The domain to lookup. Must be a single domain |
Returns
Name | Path | Type | Description |
---|---|---|---|
intelCard | data.intelCard | string | Recorded Future Intelligence Card Link |
criticalityLabel | data.risk.criticalityLabel | string | Recorded Future Indicator Criticality Level |
score | data.risk.score | integer | Recorded Future Indicator Risk Score |
evidenceDetails | data.risk.evidenceDetails | array of object | evidenceDetails |
evidenceString | data.risk.evidenceDetails.evidenceString | string | Recorded Future Risk Rules Evidence Details |
rule | data.risk.evidenceDetails.rule | string | Recorded Future Indicator Risk Rules |
riskSummary | data.risk.riskSummary | string | Recorded Future Risk Rules Summary |
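Added example, not part of the connector documentation: a Python function that turns a response with the paths listed in the Returns table above (the same paths the other enrichment actions on this page return) into a triage record. The sample payload, the function name and the threshold parameters are constructed for illustration; the thresholds are caller-chosen assumptions, not values defined by the connector.

```python
# Constructed sample shaped like the Returns table above; every value is invented.
SAMPLE_RESPONSE = {
    "data": {
        "intelCard": "https://intel-card.example/placeholder",
        "risk": {
            "criticalityLabel": "ExampleLabel",
            "score": 72,
            "riskSummary": "2 of 10 example rules triggered",
            "evidenceDetails": [
                {"rule": "Example Rule A", "evidenceString": "Constructed evidence A"},
                {"rule": "Example Rule B", "evidenceString": "Constructed evidence B"},
            ],
        },
    }
}


def summarize_enrichment(response, block_at, review_at):
    """Flatten one enrichment response into a triage record.

    block_at and review_at are caller-chosen thresholds (assumptions, not
    connector-defined values). A response without a usable integer score is
    reported as 'unknown' instead of being treated as clean.
    """
    data = response.get("data") if isinstance(response, dict) else None
    data = data if isinstance(data, dict) else {}
    risk = data.get("risk") if isinstance(data.get("risk"), dict) else {}
    score = risk.get("score")
    details = risk.get("evidenceDetails")
    details = details if isinstance(details, list) else []
    record = {
        "verdict": "unknown", "score": None,
        "label": risk.get("criticalityLabel"),
        "summary": risk.get("riskSummary"),
        "rules": [d["rule"] for d in details
                  if isinstance(d, dict) and isinstance(d.get("rule"), str)],
        # The URL Enrichment Returns table lists no intelCard, so this may be None.
        "intel_card": data.get("intelCard"),
    }
    # bool is a subclass of int in Python, so reject it explicitly.
    if isinstance(score, int) and not isinstance(score, bool):
        record["score"] = score
        record["verdict"] = ("block" if score >= block_at
                             else "review" if score >= review_at else "allow")
    return record
```

Keeping the "unknown" verdict separate from "allow" means a failed or empty lookup is never read as a clean indicator.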
Domain Extension Enrichment (deprecated) [DEPRECATED]
Domain Enrichment with Recorded Future Extension Partner data (deprecated)
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Domain input | domain | True | string | The domain to lookup. Must be a single domain |
Extension to call | extension | True | string | Extension to call |
Returns
Hash Enrichment (deprecated) [DEPRECATED]
Hash Enrichment with Recorded Future data (deprecated)
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
HASH input | hash | True | string | The HASH to lookup. Must be a single HASH |
Returns
Name | Path | Type | Description |
---|---|---|---|
intelCard | data.intelCard | string | Recorded Future Intelligence Card Link |
criticalityLabel | data.risk.criticalityLabel | string | Recorded Future Indicator Criticality Level |
score | data.risk.score | integer | Recorded Future Indicator Risk Score |
evidenceDetails | data.risk.evidenceDetails | array of object | evidenceDetails |
evidenceString | data.risk.evidenceDetails.evidenceString | string | Recorded Future Risk Rules Evidence Details |
rule | data.risk.evidenceDetails.rule | string | Recorded Future Indicator Risk Rules |
riskSummary | data.risk.riskSummary | string | Recorded Future Risk Rules Summary |
Hash Extension Enrichment (deprecated) [DEPRECATED]
Hash Enrichment with Recorded Future Extension Partner data (deprecated)
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
HASH input | hash | True | string | The HASH to lookup. Must be a single HASH |
Extension to call | extension | True | string | Extension to call |
Returns
IP Enrichment (deprecated) [DEPRECATED]
IP Enrichment with Recorded Future data (deprecated)
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
IP input | ip | True | string | The IP address to lookup. Must be a single IP address |
Returns
Name | Path | Type | Description |
---|---|---|---|
intelCard | data.intelCard | string | Recorded Future Intelligence Card Link |
criticalityLabel | data.risk.criticalityLabel | string | Recorded Future Indicator Criticality Level |
score | data.risk.score | integer | Recorded Future Indicator Risk Score |
evidenceDetails | data.risk.evidenceDetails | array of object | evidenceDetails |
evidenceString | data.risk.evidenceDetails.evidenceString | string | Recorded Future Risk Rules Evidence Details |
rule | data.risk.evidenceDetails.rule | string | Recorded Future Indicator Risk Rules |
a | data.risk.riskSummary | string | Recorded Future Risk Rules Summary |
IP Extension Enrichment (deprecated) [DEPRECATED]
IP Enrichment with Recorded Future Extension Partner data (deprecated)
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Input IP | ip | True | string | The IP address to lookup. Must be a single IP address |
Extension to call | extension | True | string | Extension to call |
Returns
Lookup Alert Notification (deprecated) [DEPRECATED]
Lookup Alert Notification (deprecated)
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Alert Notification ID | id | True | string | Alert Notification ID |
Returns
Recorded Future RiskLists and SCF Download (deprecated) [DEPRECATED]
Recorded Future RiskList & Security Control Feeds Download (deprecated)
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Path to file | path | True | string | Path to file |
Returns
Search Alert Notifications (deprecated) [DEPRECATED]
Search Alert Notifications (deprecated)
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Triggered | triggered | | string | All Elasticsearch compatible date formats are valid. |
Alert Rule ID | alertRule | True | string | Alert Rule ID |
Maximum number of records | limit | | integer | Maximum number of records |
Records from offset | from | | integer | Records from offset |
Returns
- response
- string
Search Alert Rules (deprecated) [DEPRECATED]
Search Recorded Future UI Alert Rules (deprecated)
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Freetext search | freetext | | string | Freetext search for Alert Rule Name |
Maximum number of records | limit | | integer | Maximum number of records |
Returns
Name | Path | Type | Description |
---|---|---|---|
results | data.results | array of object | results |
Alert Rule Title | data.results.title | string | title |
Alert Rule ID | data.results.id | string | id |
Returned Number of Alert Rules | counts.returned | integer | returned |
Total Number of Alert Rules | counts.total | integer | total |
SOAR API - Look up multiple entities (deprecated) [DEPRECATED]
SOAR API - Look up multiple entities (Specific Access is Required) (deprecated)
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
ip | ip | | array of string | ip |
url | url | | array of string | url |
domain | domain | | array of string | domain |
hash | hash | | array of string | hash |
vulnerability | vulnerability | | array of string | vulnerability |
Returns
- response
- string
URL Enrichment (deprecated) [DEPRECATED]
URL Enrichment with Recorded Future data (deprecated)
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
URL input | url | True | string | The URL to lookup. Must be a single URL |
Returns
Name | Path | Type | Description |
---|---|---|---|
criticalityLabel | data.risk.criticalityLabel | string | Recorded Future Indicator Criticality Level |
score | data.risk.score | integer | Recorded Future Indicator Risk Score |
evidenceDetails | data.risk.evidenceDetails | array of object | evidenceDetails |
evidenceString | data.risk.evidenceDetails.evidenceString | string | Recorded Future Risk Rules Evidence Details |
rule | data.risk.evidenceDetails.rule | string | Recorded Future Indicator Risk Rules |
riskSummary | data.risk.riskSummary | string | Recorded Future Risk Rules Summary |
URL Extension Enrichment (deprecated) [DEPRECATED]
URL Enrichment with Recorded Future Extension Partner data (deprecated)
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
URL input | url | True | string | The URL to lookup. Must be a single URL |
Extension to call | extension | True | string | Extension to call |
Returns
Vulnerability Enrichment (deprecated) [DEPRECATED]
Vulnerability Enrichment with Recorded Future data (deprecated)
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Vulnerability ID (CVE, name) input | id | True | string | The Vulnerability ID (CVE, name) to lookup. Must be a single Vulnerability ID (CVE, name) |
Returns
Name | Path | Type | Description |
---|---|---|---|
intelCard | data.intelCard | string | Recorded Future Intelligence Card Link |
criticalityLabel | data.risk.criticalityLabel | string | Recorded Future Vulnerability Criticality Level |
score | data.risk.score | integer | Recorded Future Vulnerability Risk Score |
evidenceDetails | data.risk.evidenceDetails | array of object | evidenceDetails |
evidenceString | data.risk.evidenceDetails.evidenceString | string | Recorded Future Risk Rules Evidence Details |
rule | data.risk.evidenceDetails.rule | string | Recorded Future Vulnerability Risk Rules |
riskSummary | data.risk.riskSummary | string | Recorded Future Risk Rules Summary |
Vulnerability Extension Enrichment (deprecated) [DEPRECATED]
Vulnerability Enrichment with Recorded Future Extension Partner data (deprecated)
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Vulnerability ID (CVE, name) input | id | True | string | The Vulnerability ID (CVE, name) to lookup. Must be a single Vulnerability ID (CVE, name) |
Extension to call | extension | True | string | Extension to call |
Returns
Definitions
string
This is the basic data type 'string'.