Recorded Future
TL;DR
To integrate with Recorded Future and perform searches with Query:
- Set up the required connection parameters in Recorded Future, as listed in the 'Prerequisites' section of this document.
- Add a Recorded Future connection source in Query.
- Test the integration with the Test Connection link.
- Perform searches for indicators of compromise such as external IP addresses, URLs, file signatures, and domains.
Overview
Recorded Future is a threat intelligence platform that helps organizations with threat intelligence and risk assessment, and provides contextual insights by analyzing large amounts of data across a vast array of data sources. By integrating with Query, you can:
- Get threat intelligence on indicators of compromise such as IP addresses, URLs, domains and file signatures.
Prerequisites
Make sure you have the following connection parameters to add Recorded Future as a connection source in Query.
- url: Server URL (e.g., https://api.recordedfuture.com)
- token: API Token
Adding a connection source in Query
- Go to the Connections page, click Add Connections, and select the Recorded Future source from the Threat Intelligence and Enrichment category.
- In the General tab, add the following details:
  - API Token - API Token created in Recorded Future for API access.
  - Base URL - Server URL (e.g., https://api.recordedfuture.com)
- Click the Save button on the top right corner of the screen to save the connection source.
- To test the connection credentials, click 'Test Connection'. You will see a successful connection message if the credentials are valid. If the test connection fails, check that the connection parameters are correct. If necessary, correct them and retest.
Resources
- Recorded Future API documentation: <https://api.recordedfuture.com/index.html>