Skip to main content

Recorded Future External Usecase

This Playbook is part of the Recorded Future Identity Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.0.0 and later.

External use case for Identity search and lookup using Recorded Future Identity

Dependencies#

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks#

This playbook does not use any sub-playbooks.

Integrations#

  • Recorded Future Identity

Scripts#

This playbook does not use any scripts.

Commands#

  • recordedfuture-identity-search
  • recordedfuture-identity-lookup

Playbook Inputs#


NameDescriptionDefault ValueRequired
latest-downloadedTime frame for the leaked identitiesLast YearOptional
domain-typeType of the domain(Email, Authorization, All)AuthorizationOptional
identitiesString of identities separated by semicolonRecordedFuture.Credentials.SearchIdentitiesRequired
first-downloadedTime frame for the leaked identitiesLast YearOprional

Playbook Outputs#


PathTypeDescription
RecordedFuture.Credentials.SearchIdentitiesListList of Identities that were found in search command
RecordedFuture.Credentials.Identities.identity.subjectsstringIdentity value
RecordedFuture.Credentials.Identities.countnumberLeaked credentials count number
RecordedFuture.Credentials.Identities.credentials.subjectstringIdentity value
RecordedFuture.Credentials.Identities.credentials.dumps.namestringDump name
RecordedFuture.Credentials.Identities.credentials.dumps.descriptionstringDump description
RecordedFuture.Credentials.Identities.credentials.dumps.downloadedstringDatetime string that show the day when dump was downloaded
RecordedFuture.Credentials.Identities.credentials.typestringDump type
RecordedFuture.Credentials.Identities.credentials.breaches.namestringBreach name
RecordedFuture.Credentials.Identities.credentials.breaches.domainstringBreach domain
RecordedFuture.Credentials.Identities.credentials.breaches.typestringBreach type
RecordedFuture.Credentials.Identities.credentials.breaches.breachedstringDatetime string that show the day when breach happened
RecordedFuture.Credentials.Identities.credentials.breaches.descriptionstringBreach description
RecordedFuture.Credentials.Identities.credentials.breaches.site_descriptionstringBreach site description
RecordedFuture.Credentials.Identities.credentials.first_downloadedstringDatetime string representing firs time downloaded
RecordedFuture.Credentials.Identities.credentials.latest_downloadedstringDatetime string representing last time downloaded
RecordedFuture.Credentials.Identities.credentials.exposed_secret.typestringExposed secret type
RecordedFuture.Credentials.Identities.credentials.exposed_secret.hashes.algorithmstringExposed secret hash algorithm
RecordedFuture.Credentials.Identities.credentials.exposed_secret.hashes.hashstringExposed secret hash value
RecordedFuture.Credentials.Identities.credentials.exposed_secret.effectively_clearbooleanExposed secret clear or not
RecordedFuture.Credentials.Identities.credentials.exposed_secret.details.propertiesstringExposed secret properties
RecordedFuture.Credentials.Identities.credentials.exposed_secret.details.clear_text_hintstringExposed secret text hint
RecordedFuture.Credentials.Identities.credentials.exposed_secret.details.clear_text_hintstringExposed secret

Playbook Image#


Recorded Future External Usecase Playbook