Recorded Future IOC Reputation

This playbook is part of the Recorded Future Intelligence Pack.

Entity Reputation using sub-playbooks

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts. It depends on the Recorded Future indicator field (risk rules).

Sub-playbooks

  • Recorded Future Domain Reputation
  • Recorded Future URL Reputation
  • Recorded Future CVE Reputation
  • Recorded Future IP Reputation
  • Recorded Future File Reputation

Integrations

This playbook does not use any integrations.

Scripts

This playbook does not use any scripts.

Commands

This playbook does not use any commands.

Playbook Inputs

| Name | Description | Default Value | Required |
| --- | --- | --- | --- |
| IP | The IP addresses to enrich | IP.Address | Optional |
| MD5 | File MD5 to enrich | File.MD5 | Optional |
| SHA256 | File SHA256 to enrich | File.SHA256 | Optional |
| SHA1 | File SHA1 to enrich | File.SHA1 | Optional |
| URL | URL to enrich | URL.Data | Optional |
| Domain | The domain name to enrich | Domain.Name | Optional |

Playbook Outputs

| Path | Description | Type |
| --- | --- | --- |
| DBotScore.Indicator | The indicator that was tested | string |
| DBotScore.Type | Indicator type | string |
| DBotScore.Vendor | Vendor used to calculate the score | string |
| DBotScore.Score | The actual score | number |
| CVE.ID | Vulnerability name | string |
| Domain.Name | Domain name | string |
| Domain.Malicious.Vendor | For malicious Domains, the vendor that made the decision | string |
| Domain.Malicious.Description | For malicious Domains, the reason that the vendor made the decision | string |
| IP.Address | IP address | string |
| IP.Malicious.Vendor | For malicious IP addresses, the vendor that made the decision | string |
| IP.Malicious.Description | For malicious IP addresses, the reason that the vendor made the decision | string |
| URL.Data | URL name | string |
| URL.Malicious.Vendor | For malicious URLs, the vendor that made the decision | string |
| URL.Malicious.Description | For malicious URLs, the reason that the vendor made the decision | string |
| File.SHA256 | File SHA-256 | string |
| File.SHA512 | File SHA-512 | string |
| File.SHA1 | File SHA-1 | string |
| File.MD5 | File MD5 | string |
| File.CRC32 | File CRC32 | string |
| File.CTPH | File CTPH | string |
| File.Malicious.Vendor | For malicious files, the vendor that made the decision | string |
| File.Malicious.Description | For malicious files, the reason that the vendor made the decision | string |
| RecordedFuture.File.riskScore | Recorded Future Hash Risk Score | number |
| RecordedFuture.File.riskLevel | Recorded Future Hash Risk Level | string |
| RecordedFuture.File.Evidence.rule | Recorded Risk Rule Name | string |
| RecordedFuture.File.Evidence.mitigation | Recorded Risk Rule Mitigation | string |
| RecordedFuture.File.Evidence.description | Recorded Risk Rule description | string |
| RecordedFuture.File.Evidence.timestamp | Recorded Risk Rule timestamp | date |
| RecordedFuture.File.Evidence.level | Recorded Risk Rule Level | number |
| RecordedFuture.File.Evidence.ruleid | Recorded Risk Rule ID | string |
| RecordedFuture.File.name | Hash | string |
| RecordedFuture.File.maxRules | Maximum count of Recorded Future Hash Risk Rules | number |
| RecordedFuture.File.ruleCount | Number of triggered Recorded Future Hash Risk Rules | number |
| RecordedFuture.IP.riskScore | Recorded Future IP Risk Score | number |
| RecordedFuture.IP.riskLevel | Recorded Future IP Risk Level | string |
| RecordedFuture.IP.Evidence.rule | Recorded Risk Rule Name | string |
| RecordedFuture.IP.Evidence.mitigation | Recorded Risk Rule Mitigation | string |
| RecordedFuture.IP.Evidence.description | Recorded Risk Rule Description | string |
| RecordedFuture.IP.Evidence.timestamp | Recorded Risk Rule Timestamp | date |
| RecordedFuture.IP.Evidence.level | Recorded Risk Rule Level | number |
| RecordedFuture.IP.Evidence.ruleid | Recorded Risk Rule ID | string |
| RecordedFuture.IP.name | IP Address | string |
| RecordedFuture.IP.maxRules | Maximum count of Recorded Future IP Risk Rules | number |
| RecordedFuture.IP.ruleCount | Number of triggered Recorded Future IP Risk Rules | number |
| RecordedFuture.CVE.riskLevel | Recorded Future Vulnerability Risk Level | string |
| RecordedFuture.CVE.riskScore | Risk Score | number |
| RecordedFuture.CVE.Evidence.rule | Recorded Risk Rule Name | string |
| RecordedFuture.CVE.Evidence.mitigation | Recorded Risk Rule Mitigation | string |
| RecordedFuture.CVE.Evidence.description | Recorded Risk Rule description | string |
| RecordedFuture.CVE.Evidence.timestamp | Recorded Risk Rule timestamp | date |
| RecordedFuture.CVE.Evidence.level | Recorded Risk Rule Level | number |
| RecordedFuture.CVE.Evidence.ruleid | Recorded Risk Rule ID | string |
| RecordedFuture.CVE.name | Vulnerability name | string |
| RecordedFuture.CVE.maxRules | Maximum count of Recorded Future Vulnerability Risk Rules | number |
| RecordedFuture.CVE.ruleCount | Number of triggered Recorded Future Vulnerability Risk Rules | number |
| RecordedFuture.Domain.riskScore | Recorded Future Domain Risk Score | number |
| RecordedFuture.Domain.riskLevel | Recorded Future Domain Risk Level | string |
| RecordedFuture.Domain.Evidence.rule | Recorded Risk Rule Name | string |
| RecordedFuture.Domain.Evidence.mitigation | Recorded Risk Rule Mitigation | string |
| RecordedFuture.Domain.Evidence.description | Recorded Risk Rule description | string |
| RecordedFuture.Domain.Evidence.timestamp | Recorded Risk Rule timestamp | date |
| RecordedFuture.Domain.Evidence.level | Recorded Risk Rule Level | number |
| RecordedFuture.Domain.Evidence.ruleid | Recorded Risk Rule ID | string |
| RecordedFuture.Domain.name | Domain name | string |
| RecordedFuture.Domain.maxRules | Maximum count of Recorded Future Domain Risk Rules | number |
| RecordedFuture.Domain.ruleCount | Number of triggered Recorded Future Domain Risk Rules | number |
| RecordedFuture.URL.riskScore | Recorded Future URL Risk Score | number |
| RecordedFuture.URL.riskLevel | Recorded Future URL Risk Level | string |
| RecordedFuture.URL.Evidence.rule | Recorded Risk Rule Name | string |
| RecordedFuture.URL.Evidence.mitigation | Recorded Risk Rule Mitigation | string |
| RecordedFuture.URL.Evidence.description | Recorded Risk Rule description | string |
| RecordedFuture.URL.Evidence.timestamp | Recorded Risk Rule timestamp | date |
| RecordedFuture.URL.Evidence.level | Recorded Risk Rule Level | number |
| RecordedFuture.URL.Evidence.ruleid | Recorded Risk Rule ID | string |
| RecordedFuture.URL.name | URL | string |
| RecordedFuture.URL.maxRules | Maximum count of Recorded Future URL Risk Rules | number |
| RecordedFuture.URL.ruleCount | Number of triggered Recorded Future URL Risk Rules | number |

Playbook Image


Recorded Future IOC Reputation