Recorded Future Attack Surface Intelligence

This integration is part of the Recorded Future Attack Surface Intelligence Pack.

Supported versions

Supported Cortex XSOAR versions: 6.5.0 and later.

What does this pack do?

This pack enables security teams to:

  • Access unified risk management from the most popular SOAR platform.
  • Visualize the most critical risks within your organization.
  • Identify security incidents filtered by severity (critical, medium and low)
  • See the full context of the incident, including CVE id, name, description, and affected hostnames.

Configure RecordedFutureASI on Cortex XSOAR

Get your Project ID

  • Log in to SecurityTrails SurfaceBrowser
  • Go to the Projects page by clicking the Projects link in the top right
  • Click on the Project that you want to use in XSOAR
  • Copy the ID from the URL (looks like c1234567-c123-4123-9123-0123456789ab)

Get your API Key

  • Log in to SecurityTrails SurfaceBrowser
  • Click the username in the top right corner
  • Click on Account
  • Go to API > API Keys
  • Create a new API key with a note that it is being used for the XSOAR Integration

Setting up the Integration

  1. Navigate to Settings > Integrations > Servers & Services.
  2. Search for RecordedFutureASI.
  3. Click Add instance to create and configure a new integration instance.

| Parameter | Required |
| --- | --- |
| API Key | False |
| Project ID | True |
| Min Severity | False |
| Issue Grouping | False |
| Expand Issues | False |
| Fetch incidents | False |
| Incidents Fetch Interval | False |
| Incident type | False |
| First fetch timestamp (<number> <time unit>, e.g., 12 hours, 7 days, 3 months, 1 year) | False |
| Max Fetch | False |

  4. Click Test to validate the token and connection.

Commands

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

asi-project-issues-fetch

Fetches all the current or added issues.

Base Command

asi-project-issues-fetch

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| issues_start | Timestamp to get added issues after | Optional |
| group_by_host | Whether to group results by host | Optional |
| expand_issues | Whether to expand grouped host issues by each issue | Optional |

Context Output

There is no context output for this command.