Details
Content
Dependencies
Version History

Recorded Future App, this pack is previously known as 'RecordedFuture v2'

"Recorded Future Intelligence" Pack Documentation

Integrations

Recorded Future v2

Access Recorded Future data to enrich IPs, domains, URLs, CVEs, Files, and Malwares and assess
threats in regards to a specific context. Use this integration to fetch Recorded Future non-playbook alerts

Available Actions

Reputation actions:
- Gets a reputaion lookup based on Recorded Future's risk assessment for IPs, Domains, Files (hashes), URLs and CVEs
- Using the new Recorded Future SOAR Enrichment API.
- Available actions: ip, domain, url, file(hashes), cve.
Intelligence action
- Fetches full information for the entity.
- Supports IPs, Domains, URLs, Files(hashes), Vulnerabilities(cve), Malwares.
Malware search action
- Search for malware family names curated by Recorded Future
- Look up and enrich malware families with Recorded Future context
Alert actions
- Fetch alerting rules defined at Recorded Future.
- Fetch alert summaries from one or more alerting rules.
- Set alert status in Recorded Future
- Set alert note in Recorded Future
Threat assessment action
- Takes a context, such as phishing or malware and one or more IOC as input.
- Outputs a verdict (true/false) and related evidence (risk rules) for this context.

Relevant Playbooks

All the playbooks are meant to be used as sub-playbooks to get reputation, intelligence or assess the threat level in
regards to a context.

Available Reputation sub-playbooks
- IP
- Domain
- CVE
- File
- URL
- One combined playbook that returns the reputation for all of the above types
Available Intelligence/Enrichment sub-playbooks
- IP
- Domain
- CVE
- File
- URL
Threat assessment sub-playbooks for the following contexts
- Malware
- Phishing
- Command and Control (C2)
- Available template playbooks
- Recorded Future Entity Enrichment
- Recorded Future Sandbox (Hatching)
- Recorded Future Leaked Credentials Alert Handling
- Recorded Future Typosquat Alert Handling
- Recorded Future Vulnerability Alert Handling

Relevant Classifiers

Classifier and Incoming Mapper allows you to classify and map fetched incident onto Recorded Future Incident Types.

Recorded Future - Classifier
Recorded Future - Incoming Mapper

Relevant Incident Types

Recorded Future Alert
Recorded Future Leaked Credential Monitoring
Recorded Future New Critical or Pre NVD Vulnerabilities
Recorded Future Potential Typosquat

Relevant Layouts

Custom layout for Recorded Future incident type

Recorded Future - Playbook Alerts

Fetch & triage Recorded Future Playbook Alerts

Available Actions

recordedfuture-playbook-alerts-details
- View details of a specific Recorded Future playbook alert
- Get Playbook alert details by id
recordedfuture-playbook-alerts-update
- Update the status of one or multiple Playbook alerts
recordedfuture-playbook-alerts-search
- View which Recorded Future playbook alerts are set up in Recorded Future enterprise to be brought into XSOAR
- Search playbook alerts based on filters

Relevant Playbooks

The template playbooks included help you save time and keep your incidents in sync. They also aid with automating repetitive tasks associated with playbook alerts. Template playbooks should be used as launching points to build playbooks for specific use cases supported by Recorded Future. Certain playbook steps in a template playbook need to be configured to function.

Recorded Future Playbook Alert Details
- A default playbook to fetch details of Playbook alert that does not yet have mapping made by Recorded Future
Recorded Future Domain Abuse
- This playbook was developed as a template to handle the ingestion of Recorded Future Domain Abuse playbook alerts.
Recorded Future Vulnerability
- This playbook was developed as a template to handle the ingestion of Recorded Future Cyber Vulnerability playbook alerts.

Relevant Classifiers

Classifier and Incoming Mapper allows you to classify and map fetched incident onto Recorded Future Incident Types.

Recorded Future Playbook Alert Classifier
Recorded Future Playbook Alert Mapper

Relevant Incident Types

Recorded Future Playbook Alert
Recorded Future Domain Abuse
Recorded Future Vulnerability
Recorded Future Code Repo Leakage

Relevant Layouts

Recorded Future Playbook Alert Domain Abuse
Recorded Future Playbook Alert Vulnerability
Recorded Future Alert Layout

Recorded Future - Lists

Search and manage watchlists and lists in Recorded Future

Available Actions

recordedfuture-lists-add-entities
- Add entities to a list, separate entities by commas. "NOTE:" if entity type is specified, only one entity type can be added with each action.
recordedfuture-lists-remove-entities
- Remove entities from a list. Separate entities with commas. "NOTE:" If entity type is specified, only one entity type can be added with each action.
recordedfuture-lists-search
- Search for a Recorded Future list. Returns list entities
recordedfuture-lists-entities
- Fetch entities from given lists. Use search command to find the unique ID of a list.

Dashboards and indicators

Includes a dashboard that details various metrics related to indicators that was generated from Recorded Future data and
incidents that was created from Recorded Future data.

There are two indicator fields added to record which risk rules indicators have triggered as well as whether an
indicator is a malware, c2, or phishing when it has gone through the playbook for threat assessment.

"Recorded Future Intelligence" Pack Documentation

Integrations

Recorded Future v2

Available Actions

Reputation actions:
- Gets a reputaion lookup based on Recorded Future's risk assessment for IPs, Domains, Files (hashes), URLs and CVEs
- Using the new Recorded Future SOAR Enrichment API.
- Available actions: ip, domain, url, file(hashes), cve.
Intelligence action
- Fetches full information for the entity.
- Supports IPs, Domains, URLs, Files(hashes), Vulnerabilities(cve), Malwares.
Malware search action
- Search for malware family names curated by Recorded Future
- Look up and enrich malware families with Recorded Future context
Alert actions
- Fetch alerting rules defined at Recorded Future.
- Fetch alert summaries from one or more alerting rules.
- Set alert status in Recorded Future
- Set alert note in Recorded Future
Threat assessment action
- Takes a context, such as phishing or malware and one or more IOC as input.
- Outputs a verdict (true/false) and related evidence (risk rules) for this context.

Relevant Playbooks

All the playbooks are meant to be used as sub-playbooks to get reputation, intelligence or assess the threat level in
regards to a context.

Available Reputation sub-playbooks
- IP
- Domain
- CVE
- File
- URL
- One combined playbook that returns the reputation for all of the above types
Available Intelligence/Enrichment sub-playbooks
- IP
- Domain
- CVE
- File
- URL
Threat assessment sub-playbooks for the following contexts
- Malware
- Phishing
- Command and Control (C2)
- Available template playbooks
- Recorded Future Entity Enrichment
- Recorded Future Sandbox (Hatching)
- Recorded Future Leaked Credentials Alert Handling
- Recorded Future Typosquat Alert Handling
- Recorded Future Vulnerability Alert Handling

Relevant Classifiers

Classifier and Incoming Mapper allows you to classify and map fetched incident onto Recorded Future Incident Types.

Recorded Future - Classifier
Recorded Future - Incoming Mapper

Relevant Incident Types

Recorded Future Alert
Recorded Future Leaked Credential Monitoring
Recorded Future New Critical or Pre NVD Vulnerabilities
Recorded Future Potential Typosquat

Relevant Layouts

Custom layout for Recorded Future incident type

Recorded Future - Playbook Alerts

Fetch & triage Recorded Future Playbook Alerts

Available Actions

recordedfuture-playbook-alerts-details
- View details of a specific Recorded Future playbook alert
- Get Playbook alert details by id
recordedfuture-playbook-alerts-update
- Update the status of one or multiple Playbook alerts
recordedfuture-playbook-alerts-search
- View which Recorded Future playbook alerts are set up in Recorded Future enterprise to be brought into XSOAR
- Search playbook alerts based on filters

Relevant Playbooks

Recorded Future Playbook Alert Details
- A default playbook to fetch details of Playbook alert that does not yet have mapping made by Recorded Future
Recorded Future Domain Abuse
- This playbook was developed as a template to handle the ingestion of Recorded Future Domain Abuse playbook alerts.
Recorded Future Vulnerability
- This playbook was developed as a template to handle the ingestion of Recorded Future Cyber Vulnerability playbook alerts.

Relevant Classifiers

Classifier and Incoming Mapper allows you to classify and map fetched incident onto Recorded Future Incident Types.

Recorded Future Playbook Alert Classifier
Recorded Future Playbook Alert Mapper

Relevant Incident Types

Recorded Future Playbook Alert
Recorded Future Domain Abuse
Recorded Future Vulnerability
Recorded Future Code Repo Leakage

Relevant Layouts

Recorded Future Playbook Alert Domain Abuse
Recorded Future Playbook Alert Vulnerability
Recorded Future Alert Layout

Recorded Future - Lists

Search and manage watchlists and lists in Recorded Future

Available Actions

recordedfuture-lists-add-entities
- Add entities to a list, separate entities by commas. "NOTE:" if entity type is specified, only one entity type can be added with each action.
recordedfuture-lists-remove-entities
- Remove entities from a list. Separate entities with commas. "NOTE:" If entity type is specified, only one entity type can be added with each action.
recordedfuture-lists-search
- Search for a Recorded Future list. Returns list entities
recordedfuture-lists-entities
- Fetch entities from given lists. Use search command to find the unique ID of a list.

Dashboards and indicators

Includes a dashboard that details various metrics related to indicators that was generated from Recorded Future data and
incidents that was created from Recorded Future data.

Classifiers

Name	Description
Recorded Future Playbook Alert Classifier
Recorded Future - Classifier
Recorded Future Playbook Alert Mapper
Recorded Future - Incoming Mapper

Dashboards

Name	Description
Recorded Future

Incident Fields

Name	Description
Recorded Future Insikt Notes
Recorded Future Whois Record Data
Recorded Future DNS Records
Recorded Future AI Insights
Recorded Future Risk Rule
Recorded Future Identified CVE
Recorded Future Alert Entities
Recorded Future Identified Domain
Recorded Future Targeted Products
Recorded Future Targeted Domains

Incident Types

Name	Description
Recorded Future Code Repo Leakage
Recorded Future Potential Typosquat
Recorded Future Domain Abuse
Recorded Future Playbook Alert
Recorded Future Alert
Recorded Future Leaked Credential Monitoring
Recorded Future New Critical or Pre NVD Vulnerabilities
Recorded Future Vulnerability

Indicator Fields

Name	Description
RecordedFuture Threat assessment
RecordedFuture Risk rules

Integrations

Name	Description
Recorded Future v2 (Partner Contribution)	Unique threat intel technology that automatically serves up relevant insights in real time.
Recorded Future - Playbook Alerts (Partner Contribution)	Fetch & triage Recorded Future Playbook Alerts.
Recorded Future - Lists (Partner Contribution)	Search and manage watchlists in Recorded Future.

Layouts

Name	Description
Recorded Future Playbook Alert Vulnerability	Custom layout for Recorded Future Vulnerability Incident type.
Recorded Future Playbook Alert Domain Abuse	Custom layout for Recorded Future Domain Abuse Incident type.
Recorded Future Playbook Alert Layout	Default layout for Recorded Future Playbook Alert Incident type.
Recorded Future Incident	Custom layout for Recorded Future Incident type.
RecordedFutureLayout	Deprecated. Custom layout for Recorded Future Incident type.

Playbooks

Name	Description
Recorded Future IOC Reputation	Entity Reputation using sub-playbooks
Recorded Future Leaked Credential Alert Handling	Template playbook showing suggested steps to triage leaked credential alerts. Classifier/Mapper are available to ingest Recorded Future Leaked Credential Alerts.
Recorded Future Domain Intelligence	Domain enrichment using Recorded Future intelligence
Recorded Future CVE Reputation	CVE reputation with Recorded Future SOAR enrichment
Recorded Future Playbook Alert Details	A default playbook to fetch details of Playbook alert that does not yet have mapping made by Recorded Future
Recorded Future File Reputation	File reputation using Recorded Future SOAR enrichment
Recorded Future Domain Reputation	Domain reputation using Recorded Future SOAR enrichment
Recorded Future CVE Intelligence	CVE enrichment using Recorded Future intelligence
Recorded Future Vulnerability	This playbook was developed as a template to handle the ingestion of Recorded Future Cyber Vulnerability playbook alerts.
Recorded Future File Intelligence	File enrichment using Recorded Future intelligence
Recorded Future - Threat Actor Search	Template playbook to initiate an Automated Threat Hunt based on the Threat Map in Recorded Future. The Playbook fetches links related to the Threat Actors part of the Threat Map from Recorded Future and launches a hunt in the SIEM for any detections within the environment.
Recorded Future List Management	Manage, view, and edit your lists in Recorded Future.
Recorded Future Entity Enrichment	Template playbook to incorporate Recorded Future enrichment for IPs, Hashes, Domains, URLs into your current workflows. Playbook also shows how to look up available 'Links' data for IOCs.
Recorded Future Sandbox	Template playbook utilizing Hatching.io to sandbox a given file and generate an analysis report. Indicators from the given report are then extracted and enriched with Recorded Future data.
Recorded Future IP Intelligence	IP Address Enrichment using Recorded Future Intelligence
Recorded Future Domain Abuse	This playbook was developed as a template to handle the ingestion of Recorded Future Domain Abuse playbook alerts.
Recorded Future URL Reputation	URL reputation using Recorded Future SOAR enrichment
Recorded Future IP Reputation	IP address reputation using Recorded Future SOAR enrichment
Recorded Future URL Intelligence	URL Enrichment using Recorded Future intelligence
Recorded Future Detailed Alert example
Recorded Future Vulnerability Alert Handling	Template playbook showing suggested steps to triage new critical vulnerability alerts. Playbook include New and Critical CVEs. Classifier/Mapper are available to ingest Recorded Future New, Critical or Pre NVD Vulnerability Alerts.
Recorded Future Typosquat Alert Handling	Template playbook showing suggested steps to triage typo squat alerts. Classifier/Mapper are available to ingest Recorded Future Typo squat Alerts.
Recorded Future Threat Assessment	Threat Assessment using the Recorded Future SOAR Triage API and the context Phishing.

Classifiers

Name	Description
Recorded Future Playbook Alert Classifier
Recorded Future - Classifier
Recorded Future Playbook Alert Mapper
Recorded Future - Incoming Mapper

Incident Fields

Name	Description
Recorded Future Alert Entities
Recorded Future Targeted Products
Recorded Future DNS Records
Recorded Future AI Insights
Recorded Future Risk Rule
Recorded Future Insikt Notes
Recorded Future Targeted Domains
Recorded Future Identified CVE
Recorded Future Whois Record Data
Recorded Future Identified Domain

Incident Types

Name	Description
Recorded Future Playbook Alert
Recorded Future Leaked Credential Monitoring
Recorded Future Potential Typosquat
Recorded Future Vulnerability
Recorded Future New Critical or Pre NVD Vulnerabilities
Recorded Future Alert
Recorded Future Code Repo Leakage
Recorded Future Domain Abuse

Indicator Fields

Name	Description
RecordedFuture Risk rules
RecordedFuture Threat assessment

Integrations

Name	Description
Recorded Future - Playbook Alerts (Partner Contribution)	Fetch & triage Recorded Future Playbook Alerts.
Recorded Future Event Collector	This integration fetches alerts from Recorded Future.
Recorded Future v2 (Partner Contribution)	Unique threat intel technology that automatically serves up relevant insights in real time.
Recorded Future - Lists (Partner Contribution)	Search and manage watchlists in Recorded Future.

Modeling Rules

Name	Description
Recorded Future Modeling Rule

Playbooks

Name	Description
Recorded Future File Intelligence	File enrichment using Recorded Future intelligence
Recorded Future IOC Reputation	Entity Reputation using sub-playbooks
Recorded Future URL Intelligence	URL Enrichment using Recorded Future intelligence
Recorded Future Entity Enrichment	Template playbook to incorporate Recorded Future enrichment for IPs, Hashes, Domains, URLs into your current workflows. Playbook also shows how to look up available 'Links' data for IOCs.
Recorded Future Domain Intelligence	Domain enrichment using Recorded Future intelligence
Recorded Future Threat Assessment	Threat Assessment using the Recorded Future SOAR Triage API and the context Phishing.
Recorded Future List Management	Manage, view, and edit your lists in Recorded Future.
Recorded Future Leaked Credential Alert Handling	Template playbook showing suggested steps to triage leaked credential alerts. Classifier/Mapper are available to ingest Recorded Future Leaked Credential Alerts.
Recorded Future Playbook Alert Details	A default playbook to fetch details of Playbook alert that does not yet have mapping made by Recorded Future
Recorded Future Typosquat Alert Handling	Template playbook showing suggested steps to triage typo squat alerts. Classifier/Mapper are available to ingest Recorded Future Typo squat Alerts.
Recorded Future CVE Intelligence	CVE enrichment using Recorded Future intelligence
Recorded Future URL Reputation	URL reputation using Recorded Future SOAR enrichment
Recorded Future Vulnerability	This playbook was developed as a template to handle the ingestion of Recorded Future Cyber Vulnerability playbook alerts.
Recorded Future Sandbox	Template playbook utilizing Hatching.io to sandbox a given file and generate an analysis report. Indicators from the given report are then extracted and enriched with Recorded Future data.
Recorded Future IP Reputation	IP address reputation using Recorded Future SOAR enrichment
Recorded Future File Reputation	File reputation using Recorded Future SOAR enrichment
Recorded Future Domain Abuse	This playbook was developed as a template to handle the ingestion of Recorded Future Domain Abuse playbook alerts.
Recorded Future - Threat Actor Search	Template playbook to initiate an Automated Threat Hunt based on the Threat Map in Recorded Future. The Playbook fetches links related to the Threat Actors part of the Threat Map from Recorded Future and launches a hunt in the SIEM for any detections within the environment.
Recorded Future Domain Reputation	Domain reputation using Recorded Future SOAR enrichment
Recorded Future IP Intelligence	IP Address Enrichment using Recorded Future Intelligence
Recorded Future Vulnerability Alert Handling	Template playbook showing suggested steps to triage new critical vulnerability alerts. Playbook include New and Critical CVEs. Classifier/Mapper are available to ingest Recorded Future New, Critical or Pre NVD Vulnerability Alerts.
Recorded Future Detailed Alert example
Recorded Future CVE Reputation	CVE reputation with Recorded Future SOAR enrichment

Required Content Packs (9)

Pack Name	Pack By
Base	By: Cortex XSOAR
Censys	By: Cortex XSOAR
Common Playbooks	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR
Filters And Transformers	By: Cortex XSOAR
Hatching Triage	By: Hatching
Atlassian Jira	By: Cortex XSOAR
URLScan.io	By: urlscan GmbH
Whois	By: Cortex XSOAR

Optional Content Packs (3)

Pack Name	Pack By
Common Types	By: Cortex XSOAR
IBM QRadar	By: Cortex XSOAR
Splunk	By: Cortex XSOAR

All level dependencies (11)

Pack Name	Pack By
URLScan.io	By: urlscan GmbH
Whois	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR
Cortex REST API	By: Cortex XSOAR
Base	By: Cortex XSOAR
Filters And Transformers	By: Cortex XSOAR
Censys	By: Cortex XSOAR
Hatching Triage	By: Hatching
Common Playbooks	By: Cortex XSOAR
Rasterize	By: Cortex XSOAR
Atlassian Jira	By: Cortex XSOAR

1.7.12 - 938811 (April 7, 2024)

Integrations

Recorded Future v2

Updated the Docker image to: demisto/python3:3.10.14.91134.

Recorded Future - Lists

Updated the Docker image to: demisto/python3:3.10.14.91134.

Recorded Future - Playbook Alerts

Updated the Docker image to: demisto/python3:3.10.14.91134.

Related pull requests:
- 33675

Download

1.7.11 - 865088 (March 3, 2024)

Integrations

Recorded Future v2

Updated the Docker image to: demisto/python3:3.10.13.88772.

Recorded Future - Lists

Updated the Docker image to: demisto/python3:3.10.13.88772.

Recorded Future - Playbook Alerts

Updated the Docker image to: demisto/python3:3.10.13.88772.

Related pull requests:
- 33184

Download

1.7.10 - 823153 (February 12, 2024)

Integrations

Recorded Future v2

Updated the Docker image to: demisto/python3:3.10.13.87159.

Recorded Future - Lists

Updated the Docker image to: demisto/python3:3.10.13.87159.

Recorded Future - Playbook Alerts

Updated the Docker image to: demisto/python3:3.10.13.87159.

Related pull requests:
- 32837

Download

1.7.9 - 798475 (February 1, 2024)

Integrations

Recorded Future v2

Updated the Docker image to: demisto/python3:3.10.13.86272.

Recorded Future - Lists

Updated the Docker image to: demisto/python3:3.10.13.86272.

Recorded Future - Playbook Alerts

Updated the Docker image to: demisto/python3:3.10.13.86272.

Related pull requests:
- 32533

Download

1.7.8 - 757686 (January 11, 2024)

Integrations

Recorded Future v2

Updated the Docker image to: demisto/python3:3.10.13.84405.

Recorded Future - Lists

Updated the Docker image to: demisto/python3:3.10.13.84405.

Recorded Future - Playbook Alerts

Updated the Docker image to: demisto/python3:3.10.13.84405.

Related pull requests:
- 32061

Download

1.7.7 - 737854 (January 2, 2024)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 31773

Download

1.7.6 - R7254058 (December 24, 2023)

Integrations

Recorded Future - Playbook Alerts

Updated the Docker image to: demisto/python3:3.10.13.83255.

Related pull requests:
- 31550

Download

1.7.5 - 7161298 (December 14, 2023)

Integrations

Recorded Future v2

Updated the Docker image to: demisto/python3:3.10.13.83255.

Recorded Future - Lists

Updated the Docker image to: demisto/python3:3.10.13.83255.

Related pull requests:
- 31470

Download

1.7.4 - 6800291 (November 5, 2023)

Integrations

Recorded Future v2

Added support for credentials with backwards compatibility for encrypted parameter
Updated the Docker image to: demisto/python3:3.10.13.78960.

Related pull requests:
- 30603
- 30475

Download

1.7.3 - 6679159 (October 23, 2023)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 30084

Download

1.7.2 - R6592021 (October 13, 2023)

Incident Fields

New: Recorded Future AI Insights

Integrations

Recorded Future v2

Updated the Docker image to: demisto/python3:3.10.13.75921.
Display Recorded Future AI Insights in incident layout
Add Recorded Future AI Insights to alerts and intelligence commands results

Layouts

Recorded Future Incident
Add Recorded Future AI Insights field to incident layout

Mappers

Recorded Future - Incoming Mapper

Create a mapper for Recorded Future AI Insights

Related pull requests:
- 29961
- 29905

Download

1.7.1 - 6389447 (September 21, 2023)

Playbooks

Recorded Future - Threat Actor Search

Modify the detections rules command "on error" handling
Add the inputs into the sub playbooks for Splunk and QRadar

Related pull requests:
- 29690
- 29807

Download

1.7.0 - 6313394 (September 13, 2023)

Integrations

Recorded Future v2

Added the recordedfuture-threat-map command.
Added the recordedfuture-threat-links command.
Added the recordedfuture-detection-rules command.
Added the recordedfuture-collective-insight command.
Added the Recorded Future - Threat Actor Search playbook.

Playbooks

New: Recorded Future - Threat Actor Search

New: Template playbook to initiate an Automated Threat Hunt based on the Threat Map in Recorded Future. The Playbook fetches links related to the Threat Actors part of the Threat Map from Recorded Future and launches a hunt in the SIEM for any detections within the environment.

Related pull requests:
- 29641
- 29025

Download

1.6.10 - 6253250 (September 6, 2023)

Integrations

Recorded Future v2

Updated the Docker image to: demisto/python3:3.10.13.72123.

Recorded Future - Lists

Updated the Docker image to: demisto/python3:3.10.13.72123.

Recorded Future - Playbook Alerts

Updated the Docker image to: demisto/python3:3.10.13.72123.

Related pull requests:
- 29456

Download

1.6.9 - 6133197 (August 23, 2023)

Integrations

Recorded Future - Playbook Alerts

Updated the Docker image to: demisto/python3:3.10.12.68714.

Related pull requests:
- 29157

Download

1.6.8 - 6086488 (August 18, 2023)

Integrations

Recorded Future v2

Updated the Docker image to: demisto/python3:3.10.12.68714.

Recorded Future - Lists

Updated the Docker image to: demisto/python3:3.10.12.68714.

Related pull requests:
- 29052

Download

1.6.7 - 5950262 (August 3, 2023)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 28742

Download

1.6.6 - 5918814 (July 31, 2023)

Integrations

Recorded Future v2

Improved implementation for SSL verification.
Updated the Docker image to: demisto/python3:3.10.12.66339.

Recorded Future - Playbook Alerts

Improved implementation for SSL verification.
Updated the Docker image to: demisto/python3:3.10.12.66339.

Recorded Future - Lists

Improved implementation for SSL verification.

Related pull requests:
- 28624
- 28631

Download

1.6.5 - 5914533 (July 31, 2023)

Integrations

Recorded Future v2

Clean up of the amount of data sent to Recorded Future from the calling context when using Collective Insights: On.
Updated tool tip for Collective Insight setting to reflect what data is sent.

Related pull requests:
- 28579
- 28492

Download

1.6.4 - R5866730 (July 25, 2023)

Integrations

Recorded Future - Lists

Added the recordedfuture-lists-remove-entities command to remove entities from a list.
Added the recordedfuture-lists-entities command to fetch entities from a list.

Playbooks

New: Recorded Future List Management

New: Manage, view, and edit your lists in Recorded Future (Available from Cortex XSOAR 6.5.0).

Related pull requests:
- 28400
- 27761

Download

1.6.3 - 5819201 (July 20, 2023)

Integrations

Recorded Future v2

Updated the Docker image to: demisto/python3:3.10.12.65389.

Recorded Future - Lists

Updated the Docker image to: demisto/python3:3.10.12.65389.

Recorded Future - Playbook Alerts

Updated the Docker image to: demisto/python3:3.10.12.65389.

Related pull requests:
- 28328

Download

1.6.2 - R5801668 (July 18, 2023)

Incident Types

Recorded Future Alert
Removed the default playbook of this incident type.

Related pull requests:
- 27539

Download

1.6.1 - 5598535 (June 23, 2023)

Integrations

Recorded Future v2

Updated the Docker image to: demisto/python3:3.10.12.63474.

Recorded Future - Lists

Updated the Docker image to: demisto/python3:3.10.12.63474.

Recorded Future - Playbook Alerts

Updated the Docker image to: demisto/python3:3.10.12.63474.

Related pull requests:
- 27677
- 27539

Download

1.6.0 - 5470583 (June 7, 2023)

Classifiers

Recorded Future Playbook Alert Classifier

Added Recorded Code Repo Leakage to the Recorded Future Playbook Alert Classifier

Incident Types

New: Recorded Future Code Repo Leakage

Integrations

Recorded Future - Playbook Alerts

Updated the Docker image to: demisto/python3:3.10.11.61265.
Added Code Repo Leakage as option to Playbook Alerts: Fetched Category
Added hinted type code_repo_leakage to category param for recordedfuture-playbookalerts-search command

Recorded Future v2

Updated the Docker image to: demisto/python3:3.10.11.61265.

New: Recorded Future - Lists

Search and manage watchlists in Recorded Future (Available from Cortex XSOAR 6.5.0).
Search command added to search for available lists in Recorded Future
Command to add entities to a list based on id or freetext name/type, to manage Recorded Future lists.

Mappers

Recorded Future Playbook Alert Mapper

Added Recorded Code Repo Leakage to the Recorded Future Playbook Alert Mapper

Related pull requests:
- 26996
- 27281

Download

1.5.4 - 5404881 (May 30, 2023)

Playbooks

Recorded Future CVE Intelligence

Updated the task checking if the RF instance is enabled to check for "Recorded Future v2" instead of "Recorded Future" integration instance

Recorded Future CVE Reputation

Updated the task checking if the RF instance is enabled to check for "Recorded Future v2" instead of "Recorded Future" integration instance

Recorded Future Domain Intelligence

Updated the task checking if the RF instance is enabled to check for "Recorded Future v2" instead of "Recorded Future" integration instance

Recorded Future Domain Reputation

Updated the task checking if the RF instance is enabled to check for "Recorded Future v2" instead of "Recorded Future" integration instance

Recorded Future Entity Enrichment

Updated the task checking if the RF instance is enabled to check for "Recorded Future v2" instead of "Recorded Future" integration instance

Recorded Future File Intelligence

Updated the task checking if the RF instance is enabled to check for "Recorded Future v2" instead of "Recorded Future" integration instance

Recorded Future File Reputation

Updated the task checking if the RF instance is enabled to check for "Recorded Future v2" instead of "Recorded Future" integration instance

Recorded Future IP Intelligence

Updated the task checking if the RF instance is enabled to check for "Recorded Future v2" instead of "Recorded Future" integration instance

Recorded Future IP Reputation

Updated the task checking if the RF instance is enabled to check for "Recorded Future v2" instead of "Recorded Future" integration instance

Recorded Future Threat Assessment

Updated the task checking if the RF instance is enabled to check for "Recorded Future v2" instead of "Recorded Future" integration instance

Recorded Future URL Intelligence

Updated the task checking if the RF instance is enabled to check for "Recorded Future v2" instead of "Recorded Future" integration instance

Recorded Future URL Reputation

Updated the task checking if the RF instance is enabled to check for "Recorded Future v2" instead of "Recorded Future" integration instance

Related pull requests:
- 26589
- 27020

Download

1.5.3 - 5299536 (May 18, 2023)

Integrations

Recorded Future v2

Upgraded the Docker image to: demisto/python3:3.10.11.59070.

Related pull requests:
- 26628
- 27020
- 26589

Download

1.5.2 - 5189071 (May 4, 2023)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 26246

Download

1.5.1 - R5170573 (May 2, 2023)

Layouts

New: Recorded Future Playbook Alert Domain Abuse
This item is no longer supported in XSIAM.
New: Recorded Future Playbook Alert Layout
This item is no longer supported in XSIAM.
New: Recorded Future Playbook Alert Vulnerability
This item is no longer supported in XSIAM.

Related pull requests:
- 25673

Download

PUBLISHER

Recorded Future

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Partner
Created	September 23, 2020
Last Release	April 7, 2024

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.

Recorded Future Intelligence

"Recorded Future Intelligence" Pack Documentation

Integrations

Recorded Future v2

Available Actions

Relevant Playbooks

Relevant Classifiers

Relevant Incident Types

Relevant Layouts

Recorded Future - Playbook Alerts

Available Actions

Relevant Playbooks

Relevant Classifiers

Relevant Incident Types

Relevant Layouts

​

Recorded Future - Lists

Available Actions

Dashboards and indicators

"Recorded Future Intelligence" Pack Documentation

Integrations

Recorded Future v2

Available Actions

Relevant Playbooks

Relevant Classifiers

Relevant Incident Types

Relevant Layouts

Recorded Future - Playbook Alerts

Available Actions

Relevant Playbooks

Relevant Classifiers

Relevant Incident Types

Relevant Layouts

​

Recorded Future - Lists

Available Actions

Dashboards and indicators

Integrations

Recorded Future v2

Recorded Future - Lists

Recorded Future - Playbook Alerts

Integrations

Recorded Future v2

Recorded Future - Lists

Recorded Future - Playbook Alerts

Integrations

Recorded Future v2

Recorded Future - Lists

Recorded Future - Playbook Alerts

Integrations

Recorded Future v2

Recorded Future - Lists

Recorded Future - Playbook Alerts

Integrations

Recorded Future v2

Recorded Future - Lists

Recorded Future - Playbook Alerts

Integrations

Recorded Future - Playbook Alerts

Integrations

Recorded Future v2

Recorded Future - Lists

Integrations

Recorded Future v2

Incident Fields

Integrations

Recorded Future v2

Layouts

Mappers

Recorded Future - Incoming Mapper

Playbooks

Recorded Future - Threat Actor Search

Integrations

Recorded Future v2

Playbooks

New: Recorded Future - Threat Actor Search

Integrations

Recorded Future v2

Recorded Future - Lists

Recorded Future - Playbook Alerts