
Recorded Future - Threat Actor Search

This Playbook is part of the Recorded Future Intelligence Pack.

Supported versions

Supported Cortex XSOAR versions: 6.9.0 and later.

This template playbook initiates an automated threat hunt based on the Threat Map in Recorded Future. It fetches links related to the threat actors that are part of the Threat Map from Recorded Future and launches a hunt in the SIEM for any detections within the environment.


This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

  • QRadar Indicator Hunting V2
  • Splunk Indicator Hunting

Integrations

  • RecordedFuture
  • Recorded Future v2

Scripts

This playbook does not use any scripts.

Commands

  • recordedfuture-detection-rules
  • recordedfuture-threat-links
  • recordedfuture-threat-map
  • extractIndicators

Playbook Inputs

| Name | Description | Default Value | Required |
| --- | --- | --- | --- |
| threat_actor | The threat actor to enrich & hunt indicators for. | | Optional |

Playbook Outputs

There are no outputs for this playbook.