Recorded Future Attack Surface Intelligence

This integration is part of the Recorded Future Attack Surface Intelligence Pack.

Supported versions

Supported Cortex XSOAR versions: 6.5.0 and later.

What does this pack do?

This pack enables security teams to:

  • Access unified risk management from the most popular SOAR platform.
  • Visualize the most critical risks within your organization.
  • Identify security incidents filtered by severity (critical, medium and low)
  • See the full context of the incident, including CVE id, name, description, and affected hostnames.

Configure RecordedFutureASI on Cortex XSOAR

Get your Project ID

  • Log in to SecurityTrails SurfaceBrowser
  • Go to the Projects page by clicking the Projects link in the top right
  • Click on the Project that you want to use in XSOAR
  • Copy the ID from the URL (looks like c1234567-c123-4123-9123-0123456789ab)

Get your API Key

  • Log in to SecurityTrails SurfaceBrowser
  • Click the username in the top right corner
  • Click on Account
  • Go to API > API Keys
  • Create a new API key with a note that it is being used for the XSOAR Integration

Setting up the Integration

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for RecordedFutureASI.

  3. Click Add instance to create and configure a new integration instance.

    | Parameter | Required |
    | --- | --- |
    | API Key | True |
    | Project ID | True |
    | Fetch incidents | False |
    | Incidents Fetch Interval | False |
    | Incident type | False |
    | First fetch timestamp (<number> <time unit>, e.g., 12 hours, 7 days, 3 months, 1 year) | False |
    | Max Fetch | False |

  4. Click Test to validate the token and connection.

Commands

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

asi-project-issues-fetch

Fetches all the current or added issues.

Base Command

asi-project-issues-fetch

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| issues_start | Timestamp to get added issues after | Optional |

Context Output

There is no context output for this command.