Recorded Future IP Reputation

IP address reputation using Recorded Future SOAR Enrichment

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

This playbook does not use any sub-playbooks.

Integrations

  • Recorded Future v2

Scripts

This playbook does not use any scripts.

Commands

  • ip

Playbook Inputs


NameDescriptionDefault ValueRequired
IPThe IP address to get reputation of.IP.AddressOptional

Playbook Outputs


PathDescriptionType
DBotScore.IndicatorThe indicator that was testedstring
DBotScore.TypeIndicator typestring
DBotScore.VendorVendor used to calculate the scorestring
DBotScore.ScoreThe actual scorenumber
IP.Malicious.VendorFor malicious IP addresses, the vendor that made the decisionstring
IP.Malicious.DescriptionFor malicious IP addresses, the reason that the vendor made the decisionstring
IP.AddressIP addressstring
RecordedFuture.IP.riskScoreRecorded Future IP Risk Scorenumber
RecordedFuture.IP.riskLevelRecorded Future IP Risk Levelstring
RecordedFuture.IP.Evidence.ruleRecorded Risk Rule Namestring
RecordedFuture.IP.Evidence.mitigationRecorded Risk Rule Mitigationstring
RecordedFuture.IP.Evidence.descriptionRecorded Risk Rule Descriptionstring
RecordedFuture.IP.Evidence.timestampRecorded Risk Rule Timestampdate
RecordedFuture.IP.Evidence.levelRecorded Risk Rule Levelnumber
RecordedFuture.IP.Evidence.ruleidRecorded Risk Rule IDstring
RecordedFuture.IP.nameIP Addressstring
RecordedFuture.IP.maxRulesMaximum count of Recorded Future IP Risk Rulesnumber
RecordedFuture.IP.ruleCountNumber of triggered Recorded Future IP Risk Rulesnumber

Playbook Image


Recorded Future IP Reputation