Recorded Future File Reputation

File reputation using Recorded Future SOAR Enrichment

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts. It depends on the Recorded Future indicator field: risk rules.

Sub-playbooks

This playbook does not use any sub-playbooks.

Integrations

  • Recorded Future v2

Scripts

This playbook does not use any scripts.

Commands

  • file

Playbook Inputs

| Name | Description | Default Value | Required |
| --- | --- | --- | --- |
| MD5 | File MD5 hash to get reputation of. | File.MD5 | Optional |
| SHA256 | File SHA-256 hash to get reputation of. | File.SHA256 | Optional |
| SHA1 | File SHA-1 hash to get reputation of. | File.SHA1 | Optional |

Playbook Outputs

| Path | Description | Type |
| --- | --- | --- |
| DBotScore.Indicator | The indicator that was tested | string |
| DBotScore.Type | Indicator type | string |
| DBotScore.Vendor | Vendor used to calculate the score | string |
| DBotScore.Score | The actual score | number |
| File.SHA256 | File SHA-256 | string |
| File.SHA512 | File SHA-512 | string |
| File.SHA1 | File SHA-1 | string |
| File.MD5 | File MD5 | string |
| File.CRC32 | File CRC32 | string |
| File.CTPH | File CTPH | string |
| File.Malicious.Vendor | For malicious files, the vendor that made the decision | string |
| File.Malicious.Description | For malicious files, the reason that the vendor made the decision | string |
| RecordedFuture.File.riskScore | Recorded Future Hash Risk Score | number |
| RecordedFuture.File.riskLevel | Recorded Future Hash Risk Level | string |
| RecordedFuture.File.Evidence.rule | Recorded Risk Rule Name | string |
| RecordedFuture.File.Evidence.mitigation | Recorded Risk Rule Mitigation | string |
| RecordedFuture.File.Evidence.description | Recorded Risk Rule description | string |
| RecordedFuture.File.Evidence.timestamp | Recorded Risk Rule timestamp | date |
| RecordedFuture.File.Evidence.level | Recorded Risk Rule Level | number |
| RecordedFuture.File.Evidence.ruleid | Recorded Risk Rule ID | string |
| RecordedFuture.File.name | Hash | string |
| RecordedFuture.File.maxRules | Maximum count of Recorded Future Hash Risk Rules | number |
| RecordedFuture.File.ruleCount | Number of triggered Recorded Future Hash Risk Rules | number |
