Recorded Future v2

Unique threat intel technology that automatically serves up relevant insights in real time. This integration was integrated and tested with version 1.0 of Recorded Future v2

Configure Recorded Future v2 on Cortex XSOAR

Information

A valid API Token for XSOAR from Recorded Future needed to fetch information. Get help with Recorded Future for Cortex XSOAR.

  1. Navigate to Settings > Integrations > Servers & Services.
  2. Search for Recorded Future v2.
  3. Click Add instance to create and configure a new integration instance.

Configuration

ParameterDescription
Server URLThe URL to the Recorded Future ConnectAPI
API TokenValid API Token from Recorded Future
File/IP/Domain/URL/CVE ThresholdMinimum risk score from Recorded Future needed to mark IOC as malicious when doing reputation or intelligence lookup
unsecureTrust any certificate (unsecure)
proxyUse system proxy settings
  1. Click Test to validate the URLs, token, and connection.

Several of the outputs below have been reduced in size to improve readability.

Commands

You can execute these commands from the Demisto CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

domain


Get a quick indicator of the risk associated with a domain.

Base Command

domain

Input

Argument NameDescriptionRequired
domainDomain to get the reputation ofRequired

Context Output

PathTypeDescription
DBotScore.IndicatorstringThe indicator that was tested
DBotScore.TypestringIndicator type
DBotScore.VendorstringVendor used to calculate the score
DBotScore.ScorenumberThe actual score
Domain.Malicious.VendorstringFor malicious Domains, the vendor that made the decision
Domain.Malicious.DescriptionstringFor malicious Domains, the reason that the vendor made the decision
Domain.NamestringDomain name
RecordedFuture.Domain.riskScorenumberRecorded Future Domain Risk Score
RecordedFuture.Domain.riskLevelstringRecorded Future Domain Risk Level
RecordedFuture.Domain.Evidence.rulestringRecorded Risk Rule Name
RecordedFuture.Domain.Evidence.mitigationstringRecorded Risk Rule Mitigation
RecordedFuture.Domain.Evidence.descriptionstringRecorded Risk Rule description
RecordedFuture.Domain.Evidence.timestampdateRecorded Risk Rule timestamp
RecordedFuture.Domain.Evidence.levelnumberRecorded Risk Rule Level
RecordedFuture.Domain.Evidence.ruleidstringRecorded Risk Rule ID
RecordedFuture.Domain.namestringDomain name
RecordedFuture.Domain.maxRulesnumberMaximum count of Recorded Future Domain Risk Rules
RecordedFuture.Domain.ruleCountnumberNumber of triggered Recorded Future Domain Risk Rules

Command Example

!domain domain="google.com"

Context Example

{
"DBotScore": {
"Indicator": "google.com",
"Score": 2,
"Type": "domain",
"Vendor": "Recorded Future"
},
"Domain": {
"Name": "google.com"
},
"RecordedFuture": {
"Domain": {
"Evidence": [
{
"description": "Previous sightings on 1 source: Recorded Future Analyst Community Trending Indicators. Observed between May 28, 2020, and May 29, 2020.",
"level": 1,
"rule": "Historically Reported in Threat List",
"ruleid": "historicalThreatListMembership",
"timestamp": "2020-06-12 16:23:41"
}
],
"description": "",
"id": "idn:google.com",
"maxRules": 40,
"name": "google.com",
"riskLevel": 1,
"riskScore": 24,
"ruleCount": 4
}
}
}

Human Readable Output

Recorded Future Domain reputation for google.com

Risk score: 24 Risk Summary: 4 out of 40 Risk Rules currently observed Criticality: Informational

Intelligence Card

Risk Rules Triggered

CriticalityRuleEvidenceTimestamp
InformationalHistorically Reported in Threat ListPrevious sightings on 1 source: Recorded Future Analyst Community Trending Indicators. Observed between May 28, 2020, and May 29, 2020.2020-06-12 16:23:41

ip


Get a quick indicator of the risk associated with an IP.

Base Command

ip

Input

Argument NameDescriptionRequired
ipIP address to get the reputation ofRequired

Context Output

PathTypeDescription
DBotScore.IndicatorstringThe indicator that was tested
DBotScore.TypestringIndicator type
DBotScore.VendorstringVendor used to calculate the score
DBotScore.ScorenumberThe actual score
IP.Malicious.VendorstringFor malicious IP addresses, the vendor that made the decision
IP.Malicious.DescriptionstringFor malicious IP addresses, the reason that the vendor made the decision
IP.AddressstringIP address
RecordedFuture.IP.riskScorenumberRecorded Future IP Risk Score
RecordedFuture.IP.riskLevelstringRecorded Future IP Risk Level
RecordedFuture.IP.Evidence.rulestringRecorded Risk Rule Name
RecordedFuture.IP.Evidence.mitigationstringRecorded Risk Rule Mitigation
RecordedFuture.IP.Evidence.descriptionstringRecorded Risk Rule Description
RecordedFuture.IP.Evidence.timestampdateRecorded Risk Rule Timestamp
RecordedFuture.IP.Evidence.levelnumberRecorded Risk Rule Level
RecordedFuture.IP.Evidence.ruleidstringRecorded Risk Rule ID
RecordedFuture.IP.namestringIP Address
RecordedFuture.IP.maxRulesnumberMaximum count of Recorded Future IP Risk Rules
RecordedFuture.IP.ruleCountnumberNumber of triggered Recorded Future IP Risk Rules

Command Example

!ip ip="8.8.8.8"

Context Example

{
"DBotScore": {
"Indicator": "8.8.8.8",
"Score": 0,
"Type": "ip",
"Vendor": "Recorded Future"
},
"IP": {
"Address": "8.8.8.8"
},
"RecordedFuture": {
"IP": {
"Evidence": [],
"description": "",
"id": "ip:8.8.8.8",
"maxRules": 51,
"name": "8.8.8.8",
"riskLevel": 0,
"riskScore": 0,
"ruleCount": 0
}
}
}

Human Readable Output

Recorded Future IP reputation for 8.8.8.8

Risk score: 0 Risk Summary: 0 out of 51 Risk Rules currently observed Criticality: Unknown

Intelligence Card

file


Get a quick indicator of the risk associated with a file.

Base Command

file

Input

Argument NameDescriptionRequired
fileFile hash to check the reputation of (MD5, SHA-1, SHA-256, SHA-512, CRC32, CTPH)Required

Context Output

PathTypeDescription
File.SHA256stringFile SHA-256
File.SHA512stringFile SHA-512
File.SHA1stringFile SHA-1
File.MD5stringFile MD5
File.CRC32stringFile CRC32
File.CTPHstringFile CTPH
File.Malicious.VendorstringFor malicious files, the vendor that made the decision
File.Malicious.DescriptionstringFor malicious files, the reason that the vendor made the decision
DBotScore.IndicatorstringThe indicator that was tested
DBotScore.TypestringIndicator type
DBotScore.VendorstringVendor used to calculate the score
DBotScore.ScorenumberThe actual score
RecordedFuture.File.riskScorenumberRecorded Future Hash Risk Score
RecordedFuture.File.riskLevelstringRecorded Future Hash Risk Level
RecordedFuture.File.Evidence.rulestringRecorded Risk Rule Name
RecordedFuture.File.Evidence.mitigationstringRecorded Risk Rule Mitigation
RecordedFuture.File.Evidence.descriptionstringRecorded Risk Rule description
RecordedFuture.File.Evidence.timestampdateRecorded Risk Rule timestamp
RecordedFuture.File.Evidence.levelnumberRecorded Risk Rule Level
RecordedFuture.File.Evidence.ruleidstringRecorded Risk Rule ID
RecordedFuture.File.namestringHash
RecordedFuture.File.maxRulesnumberMaximum count of Recorded Future Hash Risk Rules
RecordedFuture.File.ruleCountnumberNumber of triggered Recorded Future Hash Risk Rules

Command Example

!file file="027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745"

Context Example

{
"DBotScore": {
"Indicator": "027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745",
"Score": 3,
"Type": "file",
"Vendor": "Recorded Future"
},
"File": {
"Malicious": {
"Description": "Score above 65",
"Vendor": "Recorded Future"
},
"SHA256": "027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745"
},
"RecordedFuture": {
"File": {
"Evidence": [
{
"description": "20 sightings on 1 source: VirusTotal. 3 related cyber vulnerabilities: CVE-2017-0147, ETERNALBLUE, CWE-200. Most recent link (May 3, 2020): https://www.virustotal.com/gui/file/027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745",
"level": 2,
"rule": "Linked to Vulnerability",
"ruleid": "linkedToVuln",
"timestamp": "2020-05-03 14:07:48"
}
],
"description": "",
"id": "hash:027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745",
"maxRules": 12,
"name": "027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745",
"riskLevel": 3,
"riskScore": 89,
"ruleCount": 6
}
}
}

Human Readable Output

Recorded Future File reputation for 027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745

Risk score: 89 Risk Summary: 6 out of 12 Risk Rules currently observed Criticality: Malicious

Intelligence Card

Risk Rules Triggered

CriticalityRuleEvidenceTimestamp
MaliciousPositive Malware Verdict24 sightings on 4 sources: VirusTotal, Malwr.com, Recorded Future Malware Detonation, ReversingLabs. Most recent link (May 3, 2020): https://www.virustotal.com/gui/file/027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a7452020-06-11 17:53:54

cve


Get a quick indicator of the risk associated with a CVE.

Base Command

cve

Input

Argument NameDescriptionRequired
cveCVE to get the reputation ofRequired

Context Output

PathTypeDescription
CVE.IDstringVulnerability name
RecordedFuture.CVE.riskScorenumberRecorded Future Vulnerability Risk Score
RecordedFuture.CVE.riskLevelstringRecorded Future Vulnerability Risk Level
RecordedFuture.CVE.Evidence.rulestringRecorded Risk Rule Name
RecordedFuture.CVE.Evidence.mitigationstringRecorded Risk Rule Mitigation
RecordedFuture.CVE.Evidence.descriptionstringRecorded Risk Rule description
RecordedFuture.CVE.Evidence.timestampdateRecorded Risk Rule timestamp
RecordedFuture.CVE.Evidence.levelnumberRecorded Risk Rule Level
RecordedFuture.CVE.Evidence.ruleidstringRecorded Risk Rule ID
RecordedFuture.CVE.namestringCVE
RecordedFuture.CVE.maxRulesnumberMaximum count of Recorded Future Vulnerability Risk Rules
RecordedFuture.CVE.ruleCountnumberNumber of triggered Recorded Future Vulnerability Risk Rules

Command Example

!cve cve="CVE-2011-3874"

Context Example

{
"CVE": {
"Description": "Stack-based buffer overflow in libsysutils in Android 2.2.x through 2.2.2 and 2.3.x through 2.3.6 allows user-assisted remote attackers to execute arbitrary code via an application that calls the FrameworkListener::dispatchCommand method with the wrong number of arguments, as demonstrated by zergRush to trigger a use-after-free error.",
"ID": "CVE-2011-3874"
},
"DBotScore": {
"Indicator": "CVE-2011-3874",
"Score": 0,
"Type": "cve",
"Vendor": null
},
"RecordedFuture": {
"CVE": {
"Evidence": [
{
"description": "1 sighting on 1 source: Recorded Future Malware Hunting. Activity seen on 1 out of the last 28 days with 24 all-time daily sightings. Exploited in the wild by 1 malware family: \<e id=K4T4te>DroidRt</e>. Last observed on May 23, 2020. Sample hash: \<e id=hash:ffd0d7e6ba12ed20bc17f9ea1a1323a04cbf2e03bcaec0fa9ea574d9a7fb4881>ffd0d7e6ba12ed20bc17f9ea1a1323a04cbf2e03bcaec0fa9ea574d9a7fb4881</e>.",
"level": 5,
"rule": "Exploited in the Wild by Recently Active Malware",
"ruleid": "recentMalwareActivity",
"timestamp": "2020-05-23 00:00:00"
}
],
"description": "Stack-based buffer overflow in libsysutils in Android 2.2.x through 2.2.2 and 2.3.x through 2.3.6 allows user-assisted remote attackers to execute arbitrary code via an application that calls the FrameworkListener::dispatchCommand method with the wrong number of arguments, as demonstrated by zergRush to trigger a use-after-free error.",
"id": "KIHnRI",
"maxRules": 22,
"name": "CVE-2011-3874",
"riskLevel": 5,
"riskScore": 99,
"ruleCount": 4
}
}
}

Human Readable Output

Recorded Future CVE reputation for CVE-2011-3874

Risk score: 99 Risk Summary: 4 out of 22 Risk Rules currently observed Criticality: Very Malicious

NVD Vulnerability Description: Stack-based buffer overflow in libsysutils in Android 2.2.x through 2.2.2 and 2.3.x through 2.3.6 allows user-assisted remote attackers to execute arbitrary code via an application that calls the FrameworkListener::dispatchCommand method with the wrong number of arguments, as demonstrated by zergRush to trigger a use-after-free error.

Intelligence Card

Risk Rules Triggered

CriticalityRuleEvidenceTimestamp
Very MaliciousExploited in the Wild by Recently Active Malware1 sighting on 1 source: Recorded Future Malware Hunting. Activity seen on 1 out of the last 28 days with 24 all-time daily sightings. Exploited in the wild by 1 malware family: DroidRt. Last observed on May 23, 2020. Sample hash: ffd0d7e6ba12ed20bc17f9ea1a1323a04cbf2e03bcaec0fa9ea574d9a7fb4881.2020-05-23 00:00:00

url


Get a quick indicator of the risk associated with a URL.

Base Command

url

Input

Argument NameDescriptionRequired
urlURL to get the reputation ofRequired

Context Output

PathTypeDescription
DBotScore.IndicatorstringThe indicator that was tested
DBotScore.TypestringIndicator type
DBotScore.VendorstringVendor used to calculate the score
DBotScore.ScorenumberThe actual score
URL.Malicious.VendorstringFor malicious URLs, the vendor that made the decision
URL.Malicious.DescriptionstringFor malicious URLs, the reason that the vendor made the decision
URL.DatastringURL name
RecordedFuture.URL.riskScorenumberRecorded Future URL Risk Score
RecordedFuture.URL.riskLevelstringRecorded Future URL Risk Level
RecordedFuture.URL.Evidence.rulestringRecorded Risk Rule Name
RecordedFuture.URL.Evidence.mitigationstringRecorded Risk Rule Mitigation
RecordedFuture.URL.Evidence.descriptionstringRecorded Risk Rule description
RecordedFuture.URL.Evidence.timestampdateRecorded Risk Rule timestamp
RecordedFuture.URL.Evidence.levelnumberRecorded Risk Rule Level
RecordedFuture.URL.Evidence.ruleidstringRecorded Risk Rule ID
RecordedFuture.URL.namestringURL
RecordedFuture.URL.maxRulesnumberMaximum count of Recorded Future URL Risk Rules
RecordedFuture.URL.ruleCountnumberNumber of triggered Recorded Future URL Risk Rules

Command Example

!url url="https://google.com"

Context Example

{
"DBotScore": {
"Indicator": "https://google.com",
"Score": 2,
"Type": "url",
"Vendor": "Recorded Future"
},
"RecordedFuture": {
"URL": {
"Evidence": [
{
"description": "13 sightings on 5 sources: Geeks To Go, AbuseIP Database, PasteBin, Malwarebytes Unpacked, PSBDMP Dumps. Most recent link (Dec 16, 2018): https://pastebin.com/2Brry0ZQ",
"level": 1,
"rule": "Historically Reported as a Defanged URL",
"ruleid": "defangedURL",
"timestamp": "2018-12-16 22:31:25"
}
],
"description": "",
"id": "url:https://google.com",
"maxRules": 27,
"name": "https://google.com",
"riskLevel": 1,
"riskScore": 24,
"ruleCount": 1
}
},
"URL": {
"Data": "https://google.com"
}
}

Human Readable Output

Recorded Future URL reputation for https://google.com

Risk score: 24 Risk Summary: 1 out of 27 Risk Rules currently observed Criticality: Informational

Intelligence Card

Risk Rules Triggered

CriticalityRuleEvidenceTimestamp
InformationalHistorically Reported as a Defanged URL13 sightings on 5 sources: Geeks To Go, AbuseIP Database, PasteBin, Malwarebytes Unpacked, PSBDMP Dumps. Most recent link (Dec 16, 2018): https://pastebin.com/2Brry0ZQ2018-12-16 22:31:25

recordedfuture-threat-assessment


Get an indicator of the risk based on context. This is not affected by the thresholds configured in the app, instead these are controlled by Recorded Future. The verdict output is determined by algorithms inside the API.

Base Command

recordedfuture-threat-assessment

Input

Argument NameDescriptionRequired
contextContext to use for verdictRequired
ipIPs to check if they are related to the selected context.Optional
domainDomains to check if they are related to the selected context.Optional
fileFile hashes to check if they are related to the selected context.Optional
urlURLs to check if they are related to the selected context.Optional
cveCVEs to check if they are related to the selected context.Optional

Context Output

PathTypeDescription
DBotScore.IndicatorstringThe indicator that was tested
DBotScore.TypestringIndicator type
DBotScore.VendorstringVendor used to calculate the score
DBotScore.ScorenumberThe actual score
File.SHA256stringFile SHA-256
File.SHA512stringFile SHA-512
File.SHA1stringFile SHA-1
File.MD5stringFile MD5
File.CRC32stringFile CRC32
File.CTPHstringFile CTPH
IP.AddressstringIP address
Domain.NamestringDomain name
URL.DatastringURL name
CVE.IDstringVulnerability name
RecordedFuture.verdictbooleanRecorded Future verdict
RecordedFuture.contextstringThreat Assessment Context
RecordedFuture.riskScorenumberRecorded Future Max Score
RecordedFuture.Entities.idstringEntity ID
RecordedFuture.Entities.namestringEntity Name
RecordedFuture.Entities.typestringEntity Type
RecordedFuture.Entities.scorestringEntity Score
RecordedFuture.Entities.Evidence.ruleidstringRecorded Future Risk Rule ID
RecordedFuture.Entities.Evidence.timestampdateRecorded Future Evidence Timestamp
RecordedFuture.Entities.Evidence.mitigationstringRecorded Future Evidence Mitigation
RecordedFuture.Entities.Evidence.descriptionstringRecorded Future Evidence Description
RecordedFuture.Entities.Evidence.rulestringRecorded Future Risk Rule
RecordedFuture.Entities.Evidence.levelnumberRecorded Future Risk Rule Level

Command Example

!recordedfuture-threat-assessment context="c2" ip="8.8.8.8"

Context Example

{
"DBotScore": {
"Indicator": "8.8.8.8",
"Score": 0,
"Type": "ip",
"Vendor": "Recorded Future"
},
"IP": {
"Address": "8.8.8.8"
},
"RecordedFuture": {
"Entities": [
{
"Evidence": [],
"id": "ip:8.8.8.8",
"name": "8.8.8.8",
"score": 0,
"type": "IpAddress"
}
],
"context": "c2",
"riskScore": 0,
"verdict": false
}
}

Human Readable Output

Recorded Future Threat Assessment with regards to c2

Verdict: Non-malicious Max/Min Score: 0/0

Entities

Entity: 8.8.8.8 Score: 0 Rule count: 0 out of 2

Evidence

No entries.

recordedfuture-alert-rules


Search for alert rule IDs.

Base Command

recordedfuture-alert-rules

Input

Argument NameDescriptionRequired
rule_nameRule name to search, can be a partial nameOptional
limitNumber of rules to returnOptional

Context Output

PathTypeDescription
RecordedFuture.AlertRule.idstringAlert rule ID
RecordedFuture.AlertRule.namestringAlert rule name

Command Example

!recordedfuture-alert-rules limit=1

Context Example

{
"RecordedFuture": {
"AlertRule": {
"id": "d55BDp",
"name": "Supplier and Partner Trends, Trending Partners in Watch List"
}
}
}

Human Readable Output

Recorded Future Alerting Rules

idname
d55BDpSupplier and Partner Trends, Trending Partners in Watch List

recordedfuture-alerts


Get details on alerts configured and generated by Recorded Future by alert rule ID and/or time range.

Base Command

recordedfuture-alerts

Input

Argument NameDescriptionRequired
rule_idAlert rule IDOptional
limitNumber of alerts to returnOptional
triggered_timeAlert triggered time, e.g., "1 hour" or "2 days"Optional
assigneeAlert assignee's email addressOptional
statusAlert review statusOptional
freetextFree text searchOptional
offsetAlerts from offsetOptional
orderbyAlerts sort orderOptional
directionAlerts sort directionOptional

Context Output

PathTypeDescription
RecordedFuture.Alert.idstringAlert ID
RecordedFuture.Alert.namestringAlert name
RecordedFuture.Alert.typestringAlert type
RecordedFuture.Alert.triggereddateAlert triggered time
RecordedFuture.Alert.statusstringAlert status
RecordedFuture.Alert.assigneestringAlert assignee
RecordedFuture.Alert.rulestringAlert rule name

Command Example

!recordedfuture-alerts limit=1

Context Example

{
"RecordedFuture": {
"Alert": {
"Alert Title": "Global Trends, Trending Targets - Spike: Enel SPA, Knoxville and Alabama",
"assignee": null,
"email": null,
"id": "eK8voo",
"name": "Global Trends, Trending Targets - Spike: Enel SPA, Knoxville and Alabama",
"rule": "Global Trends, Trending Targets",
"status": "no-action",
"triggered": "2020-06-12 14:37:13",
"type": "ENTITY"
}
}
}

Human Readable Output

Recorded Future Alerts

Alert Title
Global Trends, Trending Targets - Spike: Enel SPA, Knoxville and Alabama

recordedfuture-intelligence


Get threat intelligence for an IP, Domain, CVE, URL or File.

Base Command

recordedfuture-intelligence

Input

Argument NameDescriptionRequired
entity_typeThe type of entity to fetch context for. (Should be provided with its value in entityValue argument)Required
entityThe value of the entity to fetch context for. (Should be provided with its type in entity_type argument, Hash types supported: MD5, SHA-1, SHA-256, SHA-512, CRC32, CTPH). Vulnerability supports CVEs.Required

Context Output

PathTypeDescription
DBotScore.IndicatorstringThe indicator that was tested
DBotScore.TypestringIndicator type
DBotScore.VendorstringVendor used to calculate the score
DBotScore.ScorenumberThe actual score
File.SHA256stringFile SHA-256
File.SHA512stringFile SHA-512
File.SHA1stringFile SHA-1
File.MD5stringFile MD5
File.CRC32stringFile CRC32
File.CTPHstringFile CTPH
IP.AddressstringIP address
IP.ASNstringASN
IP.Geo.CountrystringIP Geolocation Country
Domain.NamestringDomain name
URL.DatastringURL name
CVE.IDstringVulnerability name
RecordedFuture.IP.criticalitynumberRisk Criticality
RecordedFuture.IP.criticalityLabelstringRisk Criticality Label
RecordedFuture.IP.riskStringstringRisk String
RecordedFuture.IP.riskSummarystringRisk Summary
RecordedFuture.IP.rulesstringRisk Rules
RecordedFuture.IP.scorenumberRisk Score
RecordedFuture.IP.firstSeendateEvidence First Seen
RecordedFuture.IP.lastSeendateEvidence Last Seen
RecordedFuture.IP.intelCardstringRecorded Future Intelligence Card URL
RecordedFuture.IP.hashAlgorithmstringHash Algorithm
RecordedFuture.IP.typestringEntity Type
RecordedFuture.IP.namestringEntity
RecordedFuture.IP.idstringRecorded Future Entity ID
RecordedFuture.IP.location.asnStringASN number
RecordedFuture.IP.location.cidr.idStringRecorded Future CIDR ID
RecordedFuture.IP.location.cidr.nameStringCIDR
RecordedFuture.IP.location.cidr.typeStringCIDR Type
RecordedFuture.IP.location.location.cityStringIP Geolocation City
RecordedFuture.IP.location.location.continentStringIP Geolocation Continent
RecordedFuture.IP.location.location.countryStringIP Geolocation Country
RecordedFuture.IP.location.organizationStringIP Geolocation Organization
RecordedFuture.IP.metrics.typeStringRecorded Future Metrics Type
RecordedFuture.IP.metrics.valueNumberRecorded Future Metrics Value
RecordedFuture.IP.threatLists.descriptionStringRecorded Future Threat List Description
RecordedFuture.IP.threatLists.idStringRecorded Future Threat List ID
RecordedFuture.IP.threatLists.nameStringRecorded Future Threat List Name
RecordedFuture.IP.threatLists.typeStringRecorded Future Threat List Type
RecordedFuture.IP.relatedEntities.RelatedAttacker.countNumberRecorded Future Related Count
RecordedFuture.IP.relatedEntities.RelatedAttacker.idStringRecorded Future Related ID
RecordedFuture.IP.relatedEntities.RelatedAttacker.nameStringRecorded Future Related Name
RecordedFuture.IP.relatedEntities.RelatedAttacker.typeStringRecorded Future Related Type
RecordedFuture.IP.relatedEntities.RelatedTarget.countNumberRecorded Future Related Count
RecordedFuture.IP.relatedEntities.RelatedTarget.idStringRecorded Future Related ID
RecordedFuture.IP.relatedEntities.RelatedTarget.nameStringRecorded Future Related Name
RecordedFuture.IP.relatedEntities.RelatedTarget.typeStringRecorded Future Related Type
RecordedFuture.IP.relatedEntities.RelatedThreatActor.countNumberRecorded Future Related Count
RecordedFuture.IP.relatedEntities.RelatedThreatActor.idStringRecorded Future Related ID
RecordedFuture.IP.relatedEntities.RelatedThreatActor.nameStringRecorded Future Related Name
RecordedFuture.IP.relatedEntities.RelatedThreatActor.typeStringRecorded Future Related Type
RecordedFuture.IP.relatedEntities.RelatedMalware.countNumberRecorded Future Related Count
RecordedFuture.IP.relatedEntities.RelatedMalware.idStringRecorded Future Related ID
RecordedFuture.IP.relatedEntities.RelatedMalware.nameStringRecorded Future Related Name
RecordedFuture.IP.relatedEntities.RelatedMalware.typeStringRecorded Future Related Type
RecordedFuture.IP.relatedEntities.RelatedCyberVulnerability.countNumberRecorded Future Related Count
RecordedFuture.IP.relatedEntities.RelatedCyberVulnerability.idStringRecorded Future Related ID
RecordedFuture.IP.relatedEntities.RelatedCyberVulnerability.nameStringRecorded Future Related Name
RecordedFuture.IP.relatedEntities.RelatedCyberVulnerability.typeStringRecorded Future Related Type
RecordedFuture.IP.relatedEntities.RelatedIpAddress.countNumberRecorded Future Related Count
RecordedFuture.IP.relatedEntities.RelatedIpAddress.idStringRecorded Future Related ID
RecordedFuture.IP.relatedEntities.RelatedIpAddress.nameStringRecorded Future Related Name
RecordedFuture.IP.relatedEntities.RelatedIpAddress.typeStringRecorded Future Related Type
RecordedFuture.IP.relatedEntities.RelatedInternetDomainName.countNumberRecorded Future Related Count
RecordedFuture.IP.relatedEntities.RelatedInternetDomainName.idStringRecorded Future Related ID
RecordedFuture.IP.relatedEntities.RelatedInternetDomainName.nameStringRecorded Future Related Name
RecordedFuture.IP.relatedEntities.RelatedInternetDomainName.typeStringRecorded Future Related Type
RecordedFuture.IP.relatedEntities.RelatedProduct.countNumberRecorded Future Related Count
RecordedFuture.IP.relatedEntities.RelatedProduct.idStringRecorded Future Related ID
RecordedFuture.IP.relatedEntities.RelatedProduct.nameStringRecorded Future Related Name
RecordedFuture.IP.relatedEntities.RelatedProduct.typeStringRecorded Future Related Type
RecordedFuture.IP.relatedEntities.RelatedCountries.countNumberRecorded Future Related Count
RecordedFuture.IP.relatedEntities.RelatedCountries.idStringRecorded Future Related ID
RecordedFuture.IP.relatedEntities.RelatedCountries.nameStringRecorded Future Related Name
RecordedFuture.IP.relatedEntities.RelatedCountries.typeStringRecorded Future Related Type
RecordedFuture.IP.relatedEntities.RelatedHash.countNumberRecorded Future Related Count
RecordedFuture.IP.relatedEntities.RelatedHash.idStringRecorded Future Related ID
RecordedFuture.IP.relatedEntities.RelatedHash.nameStringRecorded Future Related Name
RecordedFuture.IP.relatedEntities.RelatedHash.typeStringRecorded Future Related Type
RecordedFuture.IP.relatedEntities.RelatedTechnology.countNumberRecorded Future Related Count
RecordedFuture.IP.relatedEntities.RelatedTechnology.idStringRecorded Future Related ID
RecordedFuture.IP.relatedEntities.RelatedTechnology.nameStringRecorded Future Related Name
RecordedFuture.IP.relatedEntities.RelatedTechnology.typeStringRecorded Future Related Type
RecordedFuture.IP.relatedEntities.RelatedEmailAddress.countNumberRecorded Future Related Count
RecordedFuture.IP.relatedEntities.RelatedEmailAddress.idStringRecorded Future Related ID
RecordedFuture.IP.relatedEntities.RelatedEmailAddress.nameStringRecorded Future Related Name
RecordedFuture.IP.relatedEntities.RelatedEmailAddress.typeStringRecorded Future Related Type
RecordedFuture.IP.relatedEntities.RelatedAttackVector.countNumberRecorded Future Related Count
RecordedFuture.IP.relatedEntities.RelatedAttackVector.idStringRecorded Future Related ID
RecordedFuture.IP.relatedEntities.RelatedAttackVector.nameStringRecorded Future Related Name
RecordedFuture.IP.relatedEntities.RelatedAttackVector.typeStringRecorded Future Related Type
RecordedFuture.IP.relatedEntities.RelatedMalwareCategory.countNumberRecorded Future Related Count
RecordedFuture.IP.relatedEntities.RelatedMalwareCategory.idStringRecorded Future Related ID
RecordedFuture.IP.relatedEntities.RelatedMalwareCategory.nameStringRecorded Future Related Name
RecordedFuture.IP.relatedEntities.RelatedMalwareCategory.typeStringRecorded Future Related Type
RecordedFuture.IP.relatedEntities.RelatedOperations.countNumberRecorded Future Related Count
RecordedFuture.IP.relatedEntities.RelatedOperations.idStringRecorded Future Related ID
RecordedFuture.IP.relatedEntities.RelatedOperations.nameStringRecorded Future Related Name
RecordedFuture.IP.relatedEntities.RelatedOperations.typeStringRecorded Future Related Type
RecordedFuture.IP.relatedEntities.RelatedCompany.countNumberRecorded Future Related Count
RecordedFuture.IP.relatedEntities.RelatedCompany.idStringRecorded Future Related ID
RecordedFuture.IP.relatedEntities.RelatedCompany.nameStringRecorded Future Related Name
RecordedFuture.IP.relatedEntities.RelatedCompany.typeStringRecorded Future Related Type
RecordedFuture.Domain.criticalitynumberRisk Criticality
RecordedFuture.Domain.criticalityLabelstringRisk Criticality Label
RecordedFuture.Domain.riskStringstringRisk String
RecordedFuture.Domain.riskSummarystringRisk Summary
RecordedFuture.Domain.rulesstringRisk Rules
RecordedFuture.Domain.scorenumberRisk Score
RecordedFuture.Domain.firstSeendateEvidence First Seen
RecordedFuture.Domain.lastSeendateEvidence Last Seen
RecordedFuture.Domain.intelCardstringRecorded Future Intelligence Card URL
RecordedFuture.Domain.hashAlgorithmstringHash Algorithm
RecordedFuture.Domain.typestringEntity Type
RecordedFuture.Domain.namestringEntity
RecordedFuture.Domain.idstringRecorded Future Entity ID
RecordedFuture.Domain.location.asnStringASN number
RecordedFuture.Domain.location.cidr.idStringRecorded Future CIDR ID
RecordedFuture.Domain.location.cidr.nameStringCIDR
RecordedFuture.Domain.location.cidr.typeStringCIDR Type
RecordedFuture.Domain.location.location.cityStringIP Geolocation City
RecordedFuture.Domain.location.location.continentStringIP Geolocation Continent
RecordedFuture.Domain.location.location.countryStringIP Geolocation Country
RecordedFuture.Domain.location.organizationStringIP Geolocation Organization
RecordedFuture.Domain.metrics.typeStringRecorded Future Metrics Type
RecordedFuture.Domain.metrics.valueNumberRecorded Future Metrics Value
RecordedFuture.Domain.threatLists.descriptionStringRecorded Future Threat List Description
RecordedFuture.Domain.threatLists.idStringRecorded Future Threat List ID
RecordedFuture.Domain.threatLists.nameStringRecorded Future Threat List Name
RecordedFuture.Domain.threatLists.typeStringRecorded Future Threat List Type
RecordedFuture.Domain.relatedEntities.RelatedAttacker.countNumberRecorded Future Related Count
RecordedFuture.Domain.relatedEntities.RelatedAttacker.idStringRecorded Future Related ID
RecordedFuture.Domain.relatedEntities.RelatedAttacker.nameStringRecorded Future Related Name
RecordedFuture.Domain.relatedEntities.RelatedAttacker.typeStringRecorded Future Related Type
RecordedFuture.Domain.relatedEntities.RelatedTarget.countNumberRecorded Future Related Count
RecordedFuture.Domain.relatedEntities.RelatedTarget.idStringRecorded Future Related ID
RecordedFuture.Domain.relatedEntities.RelatedTarget.nameStringRecorded Future Related Name
RecordedFuture.Domain.relatedEntities.RelatedTarget.typeStringRecorded Future Related Type
RecordedFuture.Domain.relatedEntities.RelatedThreatActor.countNumberRecorded Future Related Count
RecordedFuture.Domain.relatedEntities.RelatedThreatActor.idStringRecorded Future Related ID
RecordedFuture.Domain.relatedEntities.RelatedThreatActor.nameStringRecorded Future Related Name
RecordedFuture.Domain.relatedEntities.RelatedThreatActor.typeStringRecorded Future Related Type
RecordedFuture.Domain.relatedEntities.RelatedMalware.countNumberRecorded Future Related Count
RecordedFuture.Domain.relatedEntities.RelatedMalware.idStringRecorded Future Related ID
RecordedFuture.Domain.relatedEntities.RelatedMalware.nameStringRecorded Future Related Name
RecordedFuture.Domain.relatedEntities.RelatedMalware.typeStringRecorded Future Related Type
RecordedFuture.Domain.relatedEntities.RelatedCyberVulnerability.countNumberRecorded Future Related Count
RecordedFuture.Domain.relatedEntities.RelatedCyberVulnerability.idStringRecorded Future Related ID
RecordedFuture.Domain.relatedEntities.RelatedCyberVulnerability.nameStringRecorded Future Related Name
RecordedFuture.Domain.relatedEntities.RelatedCyberVulnerability.typeStringRecorded Future Related Type
RecordedFuture.Domain.relatedEntities.RelatedIpAddress.countNumberRecorded Future Related Count
RecordedFuture.Domain.relatedEntities.RelatedIpAddress.idStringRecorded Future Related ID
RecordedFuture.Domain.relatedEntities.RelatedIpAddress.nameStringRecorded Future Related Name
RecordedFuture.Domain.relatedEntities.RelatedIpAddress.typeStringRecorded Future Related Type
RecordedFuture.Domain.relatedEntities.RelatedInternetDomainName.countNumberRecorded Future Related Count
RecordedFuture.Domain.relatedEntities.RelatedInternetDomainName.idStringRecorded Future Related ID
RecordedFuture.Domain.relatedEntities.RelatedInternetDomainName.nameStringRecorded Future Related Name
RecordedFuture.Domain.relatedEntities.RelatedInternetDomainName.typeStringRecorded Future Related Type
RecordedFuture.Domain.relatedEntities.RelatedProduct.countNumberRecorded Future Related Count
RecordedFuture.Domain.relatedEntities.RelatedProduct.idStringRecorded Future Related ID
RecordedFuture.Domain.relatedEntities.RelatedProduct.nameStringRecorded Future Related Name
RecordedFuture.Domain.relatedEntities.RelatedProduct.typeStringRecorded Future Related Type
RecordedFuture.Domain.relatedEntities.RelatedCountries.countNumberRecorded Future Related Count
RecordedFuture.Domain.relatedEntities.RelatedCountries.idStringRecorded Future Related ID
RecordedFuture.Domain.relatedEntities.RelatedCountries.nameStringRecorded Future Related Name
RecordedFuture.Domain.relatedEntities.RelatedCountries.typeStringRecorded Future Related Type
RecordedFuture.Domain.relatedEntities.RelatedHash.countNumberRecorded Future Related Count
RecordedFuture.Domain.relatedEntities.RelatedHash.idStringRecorded Future Related ID
RecordedFuture.Domain.relatedEntities.RelatedHash.nameStringRecorded Future Related Name
RecordedFuture.Domain.relatedEntities.RelatedHash.typeStringRecorded Future Related Type
RecordedFuture.Domain.relatedEntities.RelatedTechnology.countNumberRecorded Future Related Count
RecordedFuture.Domain.relatedEntities.RelatedTechnology.idStringRecorded Future Related ID
RecordedFuture.Domain.relatedEntities.RelatedTechnology.nameStringRecorded Future Related Name
RecordedFuture.Domain.relatedEntities.RelatedTechnology.typeStringRecorded Future Related Type
RecordedFuture.Domain.relatedEntities.RelatedEmailAddress.countNumberRecorded Future Related Count
RecordedFuture.Domain.relatedEntities.RelatedEmailAddress.idStringRecorded Future Related ID
RecordedFuture.Domain.relatedEntities.RelatedEmailAddress.nameStringRecorded Future Related Name
RecordedFuture.Domain.relatedEntities.RelatedEmailAddress.typeStringRecorded Future Related Type
RecordedFuture.Domain.relatedEntities.RelatedAttackVector.countNumberRecorded Future Related Count
RecordedFuture.Domain.relatedEntities.RelatedAttackVector.idStringRecorded Future Related ID
RecordedFuture.Domain.relatedEntities.RelatedAttackVector.nameStringRecorded Future Related Name
RecordedFuture.Domain.relatedEntities.RelatedAttackVector.typeStringRecorded Future Related Type
RecordedFuture.Domain.relatedEntities.RelatedMalwareCategory.countNumberRecorded Future Related Count
RecordedFuture.Domain.relatedEntities.RelatedMalwareCategory.idStringRecorded Future Related ID
RecordedFuture.Domain.relatedEntities.RelatedMalwareCategory.nameStringRecorded Future Related Name
RecordedFuture.Domain.relatedEntities.RelatedMalwareCategory.typeStringRecorded Future Related Type
RecordedFuture.Domain.relatedEntities.RelatedOperations.countNumberRecorded Future Related Count
RecordedFuture.Domain.relatedEntities.RelatedOperations.idStringRecorded Future Related ID
RecordedFuture.Domain.relatedEntities.RelatedOperations.nameStringRecorded Future Related Name
RecordedFuture.Domain.relatedEntities.RelatedOperations.typeStringRecorded Future Related Type
RecordedFuture.Domain.relatedEntities.RelatedCompany.countNumberRecorded Future Related Count
RecordedFuture.Domain.relatedEntities.RelatedCompany.idStringRecorded Future Related ID
RecordedFuture.Domain.relatedEntities.RelatedCompany.nameStringRecorded Future Related Name
RecordedFuture.Domain.relatedEntities.RelatedCompany.typeStringRecorded Future Related Type
RecordedFuture.CVE.criticalitynumberRisk Criticality
RecordedFuture.CVE.criticalityLabelstringRisk Criticality Label
RecordedFuture.CVE.riskStringstringRisk String
RecordedFuture.CVE.riskSummarystringRisk Summary
RecordedFuture.CVE.rulesstringRisk Rules
RecordedFuture.CVE.scorenumberRisk Score
RecordedFuture.CVE.firstSeendateEvidence First Seen
RecordedFuture.CVE.lastSeendateEvidence Last Seen
RecordedFuture.CVE.intelCardstringRecorded Future Intelligence Card URL
RecordedFuture.CVE.hashAlgorithmstringHash Algorithm
RecordedFuture.CVE.typestringEntity Type
RecordedFuture.CVE.namestringEntity
RecordedFuture.CVE.idstringRecorded Future Entity ID
RecordedFuture.CVE.location.asnStringASN number
RecordedFuture.CVE.location.cidr.idStringRecorded Future CIDR ID
RecordedFuture.CVE.location.cidr.nameStringCIDR
RecordedFuture.CVE.location.cidr.typeStringCIDR Type
RecordedFuture.CVE.location.location.cityStringIP Geolocation City
RecordedFuture.CVE.location.location.continentStringIP Geolocation Continent
RecordedFuture.CVE.location.location.countryStringIP Geolocation Country
RecordedFuture.CVE.location.organizationStringIP Geolocation Organization
RecordedFuture.CVE.metrics.typeStringRecorded Future Metrics Type
RecordedFuture.CVE.metrics.valueNumberRecorded Future Metrics Value
RecordedFuture.CVE.threatLists.descriptionStringRecorded Future Threat List Description
RecordedFuture.CVE.threatLists.idStringRecorded Future Threat List ID
RecordedFuture.CVE.threatLists.nameStringRecorded Future Threat List Name
RecordedFuture.CVE.threatLists.typeStringRecorded Future Threat List Type
RecordedFuture.CVE.relatedEntities.RelatedAttacker.countNumberRecorded Future Related Count
RecordedFuture.CVE.relatedEntities.RelatedAttacker.idStringRecorded Future Related ID
RecordedFuture.CVE.relatedEntities.RelatedAttacker.nameStringRecorded Future Related Name
RecordedFuture.CVE.relatedEntities.RelatedAttacker.typeStringRecorded Future Related Type
RecordedFuture.CVE.relatedEntities.RelatedTarget.countNumberRecorded Future Related Count
RecordedFuture.CVE.relatedEntities.RelatedTarget.idStringRecorded Future Related ID
RecordedFuture.CVE.relatedEntities.RelatedTarget.nameStringRecorded Future Related Name
RecordedFuture.CVE.relatedEntities.RelatedTarget.typeStringRecorded Future Related Type
RecordedFuture.CVE.relatedEntities.RelatedThreatActor.countNumberRecorded Future Related Count
RecordedFuture.CVE.relatedEntities.RelatedThreatActor.idStringRecorded Future Related ID
RecordedFuture.CVE.relatedEntities.RelatedThreatActor.nameStringRecorded Future Related Name
RecordedFuture.CVE.relatedEntities.RelatedThreatActor.typeStringRecorded Future Related Type
RecordedFuture.CVE.relatedEntities.RelatedMalware.countNumberRecorded Future Related Count
RecordedFuture.CVE.relatedEntities.RelatedMalware.idStringRecorded Future Related ID
RecordedFuture.CVE.relatedEntities.RelatedMalware.nameStringRecorded Future Related Name
RecordedFuture.CVE.relatedEntities.RelatedMalware.typeStringRecorded Future Related Type
RecordedFuture.CVE.relatedEntities.RelatedCyberVulnerability.countNumberRecorded Future Related Count
RecordedFuture.CVE.relatedEntities.RelatedCyberVulnerability.idStringRecorded Future Related ID
RecordedFuture.CVE.relatedEntities.RelatedCyberVulnerability.nameStringRecorded Future Related Name
RecordedFuture.CVE.relatedEntities.RelatedCyberVulnerability.typeStringRecorded Future Related Type
RecordedFuture.CVE.relatedEntities.RelatedIpAddress.countNumberRecorded Future Related Count
RecordedFuture.CVE.relatedEntities.RelatedIpAddress.idStringRecorded Future Related ID
RecordedFuture.CVE.relatedEntities.RelatedIpAddress.nameStringRecorded Future Related Name
RecordedFuture.CVE.relatedEntities.RelatedIpAddress.typeStringRecorded Future Related Type
RecordedFuture.CVE.relatedEntities.RelatedInternetDomainName.countNumberRecorded Future Related Count
RecordedFuture.CVE.relatedEntities.RelatedInternetDomainName.idStringRecorded Future Related ID
RecordedFuture.CVE.relatedEntities.RelatedInternetDomainName.nameStringRecorded Future Related Name
RecordedFuture.CVE.relatedEntities.RelatedInternetDomainName.typeStringRecorded Future Related Type
RecordedFuture.CVE.relatedEntities.RelatedProduct.countNumberRecorded Future Related Count
RecordedFuture.CVE.relatedEntities.RelatedProduct.idStringRecorded Future Related ID
RecordedFuture.CVE.relatedEntities.RelatedProduct.nameStringRecorded Future Related Name
RecordedFuture.CVE.relatedEntities.RelatedProduct.typeStringRecorded Future Related Type
RecordedFuture.CVE.relatedEntities.RelatedCountries.countNumberRecorded Future Related Count
RecordedFuture.CVE.relatedEntities.RelatedCountries.idStringRecorded Future Related ID
RecordedFuture.CVE.relatedEntities.RelatedCountries.nameStringRecorded Future Related Name
RecordedFuture.CVE.relatedEntities.RelatedCountries.typeStringRecorded Future Related Type
RecordedFuture.CVE.relatedEntities.RelatedHash.countNumberRecorded Future Related Count
RecordedFuture.CVE.relatedEntities.RelatedHash.idStringRecorded Future Related ID
RecordedFuture.CVE.relatedEntities.RelatedHash.nameStringRecorded Future Related Name
RecordedFuture.CVE.relatedEntities.RelatedHash.typeStringRecorded Future Related Type
RecordedFuture.CVE.relatedEntities.RelatedTechnology.countNumberRecorded Future Related Count
RecordedFuture.CVE.relatedEntities.RelatedTechnology.idStringRecorded Future Related ID
RecordedFuture.CVE.relatedEntities.RelatedTechnology.nameStringRecorded Future Related Name
RecordedFuture.CVE.relatedEntities.RelatedTechnology.typeStringRecorded Future Related Type
RecordedFuture.CVE.relatedEntities.RelatedEmailAddress.countNumberRecorded Future Related Count
RecordedFuture.CVE.relatedEntities.RelatedEmailAddress.idStringRecorded Future Related ID
RecordedFuture.CVE.relatedEntities.RelatedEmailAddress.nameStringRecorded Future Related Name
RecordedFuture.CVE.relatedEntities.RelatedEmailAddress.typeStringRecorded Future Related Type
RecordedFuture.CVE.relatedEntities.RelatedAttackVector.countNumberRecorded Future Related Count
RecordedFuture.CVE.relatedEntities.RelatedAttackVector.idStringRecorded Future Related ID
RecordedFuture.CVE.relatedEntities.RelatedAttackVector.nameStringRecorded Future Related Name
RecordedFuture.CVE.relatedEntities.RelatedAttackVector.typeStringRecorded Future Related Type
RecordedFuture.CVE.relatedEntities.RelatedMalwareCategory.countNumberRecorded Future Related Count
RecordedFuture.CVE.relatedEntities.RelatedMalwareCategory.idStringRecorded Future Related ID
RecordedFuture.CVE.relatedEntities.RelatedMalwareCategory.nameStringRecorded Future Related Name
RecordedFuture.CVE.relatedEntities.RelatedMalwareCategory.typeStringRecorded Future Related Type
RecordedFuture.CVE.relatedEntities.RelatedOperations.countNumberRecorded Future Related Count
RecordedFuture.CVE.relatedEntities.RelatedOperations.idStringRecorded Future Related ID
RecordedFuture.CVE.relatedEntities.RelatedOperations.nameStringRecorded Future Related Name
RecordedFuture.CVE.relatedEntities.RelatedOperations.typeStringRecorded Future Related Type
RecordedFuture.CVE.relatedEntities.RelatedCompany.countNumberRecorded Future Related Count
RecordedFuture.CVE.relatedEntities.RelatedCompany.idStringRecorded Future Related ID
RecordedFuture.CVE.relatedEntities.RelatedCompany.nameStringRecorded Future Related Name
RecordedFuture.CVE.relatedEntities.RelatedCompany.typeStringRecorded Future Related Type
RecordedFuture.File.criticalitynumberRisk Criticality
RecordedFuture.File.criticalityLabelstringRisk Criticality Label
RecordedFuture.File.riskStringstringRisk String
RecordedFuture.File.riskSummarystringRisk Summary
RecordedFuture.File.rulesstringRisk Rules
RecordedFuture.File.scorenumberRisk Score
RecordedFuture.File.firstSeendateEvidence First Seen
RecordedFuture.File.lastSeendateEvidence Last Seen
RecordedFuture.File.intelCardstringRecorded Future Intelligence Card URL
RecordedFuture.File.hashAlgorithmstringHash Algorithm
RecordedFuture.File.typestringEntity Type
RecordedFuture.File.namestringEntity
RecordedFuture.File.idstringRecorded Future Entity ID
RecordedFuture.File.metrics.typeStringRecorded Future Metrics Type
RecordedFuture.File.metrics.valueNumberRecorded Future Metrics Value
RecordedFuture.File.threatLists.descriptionStringRecorded Future Threat List Description
RecordedFuture.File.threatLists.idStringRecorded Future Threat List ID
RecordedFuture.File.threatLists.nameStringRecorded Future Threat List Name
RecordedFuture.File.threatLists.typeStringRecorded Future Threat List Type
RecordedFuture.File.relatedEntities.RelatedAttacker.countNumberRecorded Future Related Count
RecordedFuture.File.relatedEntities.RelatedAttacker.idStringRecorded Future Related ID
RecordedFuture.File.relatedEntities.RelatedAttacker.nameStringRecorded Future Related Name
RecordedFuture.File.relatedEntities.RelatedAttacker.typeStringRecorded Future Related Type
RecordedFuture.File.relatedEntities.RelatedTarget.countNumberRecorded Future Related Count
RecordedFuture.File.relatedEntities.RelatedTarget.idStringRecorded Future Related ID
RecordedFuture.File.relatedEntities.RelatedTarget.nameStringRecorded Future Related Name
RecordedFuture.File.relatedEntities.RelatedTarget.typeStringRecorded Future Related Type
RecordedFuture.File.relatedEntities.RelatedThreatActor.countNumberRecorded Future Related Count
RecordedFuture.File.relatedEntities.RelatedThreatActor.idStringRecorded Future Related ID
RecordedFuture.File.relatedEntities.RelatedThreatActor.nameStringRecorded Future Related Name
RecordedFuture.File.relatedEntities.RelatedThreatActor.typeStringRecorded Future Related Type
RecordedFuture.File.relatedEntities.RelatedMalware.countNumberRecorded Future Related Count
RecordedFuture.File.relatedEntities.RelatedMalware.idStringRecorded Future Related ID
RecordedFuture.File.relatedEntities.RelatedMalware.nameStringRecorded Future Related Name
RecordedFuture.File.relatedEntities.RelatedMalware.typeStringRecorded Future Related Type
RecordedFuture.File.relatedEntities.RelatedCyberVulnerability.countNumberRecorded Future Related Count
RecordedFuture.File.relatedEntities.RelatedCyberVulnerability.idStringRecorded Future Related ID
RecordedFuture.File.relatedEntities.RelatedCyberVulnerability.nameStringRecorded Future Related Name
RecordedFuture.File.relatedEntities.RelatedCyberVulnerability.typeStringRecorded Future Related Type
RecordedFuture.File.relatedEntities.RelatedIpAddress.countNumberRecorded Future Related Count
RecordedFuture.File.relatedEntities.RelatedIpAddress.idStringRecorded Future Related ID
RecordedFuture.File.relatedEntities.RelatedIpAddress.nameStringRecorded Future Related Name
RecordedFuture.File.relatedEntities.RelatedIpAddress.typeStringRecorded Future Related Type
RecordedFuture.File.relatedEntities.RelatedInternetDomainName.countNumberRecorded Future Related Count
RecordedFuture.File.relatedEntities.RelatedInternetDomainName.idStringRecorded Future Related ID
RecordedFuture.File.relatedEntities.RelatedInternetDomainName.nameStringRecorded Future Related Name
RecordedFuture.File.relatedEntities.RelatedInternetDomainName.typeStringRecorded Future Related Type
RecordedFuture.File.relatedEntities.RelatedProduct.countNumberRecorded Future Related Count
RecordedFuture.File.relatedEntities.RelatedProduct.idStringRecorded Future Related ID
RecordedFuture.File.relatedEntities.RelatedProduct.nameStringRecorded Future Related Name
RecordedFuture.File.relatedEntities.RelatedProduct.typeStringRecorded Future Related Type
RecordedFuture.File.relatedEntities.RelatedCountries.countNumberRecorded Future Related Count
RecordedFuture.File.relatedEntities.RelatedCountries.idStringRecorded Future Related ID
RecordedFuture.File.relatedEntities.RelatedCountries.nameStringRecorded Future Related Name
RecordedFuture.File.relatedEntities.RelatedCountries.typeStringRecorded Future Related Type
RecordedFuture.File.relatedEntities.RelatedHash.countNumberRecorded Future Related Count
RecordedFuture.File.relatedEntities.RelatedHash.idStringRecorded Future Related ID
RecordedFuture.File.relatedEntities.RelatedHash.nameStringRecorded Future Related Name
RecordedFuture.File.relatedEntities.RelatedHash.typeStringRecorded Future Related Type
RecordedFuture.File.relatedEntities.RelatedTechnology.countNumberRecorded Future Related Count
RecordedFuture.File.relatedEntities.RelatedTechnology.idStringRecorded Future Related ID
RecordedFuture.File.relatedEntities.RelatedTechnology.nameStringRecorded Future Related Name
RecordedFuture.File.relatedEntities.RelatedTechnology.typeStringRecorded Future Related Type
RecordedFuture.File.relatedEntities.RelatedEmailAddress.countNumberRecorded Future Related Count
RecordedFuture.File.relatedEntities.RelatedEmailAddress.idStringRecorded Future Related ID
RecordedFuture.File.relatedEntities.RelatedEmailAddress.nameStringRecorded Future Related Name
RecordedFuture.File.relatedEntities.RelatedEmailAddress.typeStringRecorded Future Related Type
RecordedFuture.File.relatedEntities.RelatedAttackVector.countNumberRecorded Future Related Count
RecordedFuture.File.relatedEntities.RelatedAttackVector.idStringRecorded Future Related ID
RecordedFuture.File.relatedEntities.RelatedAttackVector.nameStringRecorded Future Related Name
RecordedFuture.File.relatedEntities.RelatedAttackVector.typeStringRecorded Future Related Type
RecordedFuture.File.relatedEntities.RelatedMalwareCategory.countNumberRecorded Future Related Count
RecordedFuture.File.relatedEntities.RelatedMalwareCategory.idStringRecorded Future Related ID
RecordedFuture.File.relatedEntities.RelatedMalwareCategory.nameStringRecorded Future Related Name
RecordedFuture.File.relatedEntities.RelatedMalwareCategory.typeStringRecorded Future Related Type
RecordedFuture.File.relatedEntities.RelatedOperations.countNumberRecorded Future Related Count
RecordedFuture.File.relatedEntities.RelatedOperations.idStringRecorded Future Related ID
RecordedFuture.File.relatedEntities.RelatedOperations.nameStringRecorded Future Related Name
RecordedFuture.File.relatedEntities.RelatedOperations.typeStringRecorded Future Related Type
RecordedFuture.File.relatedEntities.RelatedCompany.countNumberRecorded Future Related Count
RecordedFuture.File.relatedEntities.RelatedCompany.idStringRecorded Future Related ID
RecordedFuture.File.relatedEntities.RelatedCompany.nameStringRecorded Future Related Name
RecordedFuture.File.relatedEntities.RelatedCompany.typeStringRecorded Future Related Type
RecordedFuture.URL.criticalitynumberRisk Criticality
RecordedFuture.URL.criticalityLabelstringRisk Criticality Label
RecordedFuture.URL.riskStringstringRisk String
RecordedFuture.URL.riskSummarystringRisk Summary
RecordedFuture.URL.rulesstringRisk Rules
RecordedFuture.URL.scorenumberRisk Score
RecordedFuture.URL.firstSeendateEvidence First Seen
RecordedFuture.URL.lastSeendateEvidence Last Seen
RecordedFuture.URL.intelCardstringRecorded Future Intelligence Card URL
RecordedFuture.URL.hashAlgorithmstringHash Algorithm
RecordedFuture.URL.typestringEntity Type
RecordedFuture.URL.namestringEntity
RecordedFuture.URL.idstringRecorded Future Entity ID
RecordedFuture.URL.location.asnStringASN number
RecordedFuture.URL.location.cidr.idStringRecorded Future CIDR ID
RecordedFuture.URL.location.cidr.nameStringCIDR
RecordedFuture.URL.location.cidr.typeStringCIDR Type
RecordedFuture.URL.location.location.cityStringIP Geolocation City
RecordedFuture.URL.location.location.continentStringIP Geolocation Continent
RecordedFuture.URL.location.location.countryStringIP Geolocation Country
RecordedFuture.URL.location.organizationStringIP Geolocation Organization
RecordedFuture.URL.metrics.typeStringRecorded Future Metrics Type
RecordedFuture.URL.metrics.valueNumberRecorded Future Metrics Value
RecordedFuture.URL.threatLists.descriptionStringRecorded Future Threat List Description
RecordedFuture.URL.threatLists.idStringRecorded Future Threat List ID
RecordedFuture.URL.threatLists.nameStringRecorded Future Threat List Name
RecordedFuture.URL.threatLists.typeStringRecorded Future Threat List Type
RecordedFuture.URL.relatedEntities.RelatedAttacker.countNumberRecorded Future Related Count
RecordedFuture.URL.relatedEntities.RelatedAttacker.idStringRecorded Future Related ID
RecordedFuture.URL.relatedEntities.RelatedAttacker.nameStringRecorded Future Related Name
RecordedFuture.URL.relatedEntities.RelatedAttacker.typeStringRecorded Future Related Type
RecordedFuture.URL.relatedEntities.RelatedTarget.countNumberRecorded Future Related Count
RecordedFuture.URL.relatedEntities.RelatedTarget.idStringRecorded Future Related ID
RecordedFuture.URL.relatedEntities.RelatedTarget.nameStringRecorded Future Related Name
RecordedFuture.URL.relatedEntities.RelatedTarget.typeStringRecorded Future Related Type
RecordedFuture.URL.relatedEntities.RelatedThreatActor.countNumberRecorded Future Related Count
RecordedFuture.URL.relatedEntities.RelatedThreatActor.idStringRecorded Future Related ID
RecordedFuture.URL.relatedEntities.RelatedThreatActor.nameStringRecorded Future Related Name
RecordedFuture.URL.relatedEntities.RelatedThreatActor.typeStringRecorded Future Related Type
RecordedFuture.URL.relatedEntities.RelatedMalware.countNumberRecorded Future Related Count
RecordedFuture.URL.relatedEntities.RelatedMalware.idStringRecorded Future Related ID
RecordedFuture.URL.relatedEntities.RelatedMalware.nameStringRecorded Future Related Name
RecordedFuture.URL.relatedEntities.RelatedMalware.typeStringRecorded Future Related Type
RecordedFuture.URL.relatedEntities.RelatedCyberVulnerability.countNumberRecorded Future Related Count
RecordedFuture.URL.relatedEntities.RelatedCyberVulnerability.idStringRecorded Future Related ID
RecordedFuture.URL.relatedEntities.RelatedCyberVulnerability.nameStringRecorded Future Related Name
RecordedFuture.URL.relatedEntities.RelatedCyberVulnerability.typeStringRecorded Future Related Type
RecordedFuture.URL.relatedEntities.RelatedIpAddress.countNumberRecorded Future Related Count
RecordedFuture.URL.relatedEntities.RelatedIpAddress.idStringRecorded Future Related ID
RecordedFuture.URL.relatedEntities.RelatedIpAddress.nameStringRecorded Future Related Name
RecordedFuture.URL.relatedEntities.RelatedIpAddress.typeStringRecorded Future Related Type
RecordedFuture.URL.relatedEntities.RelatedInternetDomainName.countNumberRecorded Future Related Count
RecordedFuture.URL.relatedEntities.RelatedInternetDomainName.idStringRecorded Future Related ID
RecordedFuture.URL.relatedEntities.RelatedInternetDomainName.nameStringRecorded Future Related Name
RecordedFuture.URL.relatedEntities.RelatedInternetDomainName.typeStringRecorded Future Related Type
RecordedFuture.URL.relatedEntities.RelatedProduct.countNumberRecorded Future Related Count
RecordedFuture.URL.relatedEntities.RelatedProduct.idStringRecorded Future Related ID
RecordedFuture.URL.relatedEntities.RelatedProduct.nameStringRecorded Future Related Name
RecordedFuture.URL.relatedEntities.RelatedProduct.typeStringRecorded Future Related Type
RecordedFuture.URL.relatedEntities.RelatedCountries.countNumberRecorded Future Related Count
RecordedFuture.URL.relatedEntities.RelatedCountries.idStringRecorded Future Related ID
RecordedFuture.URL.relatedEntities.RelatedCountries.nameStringRecorded Future Related Name
RecordedFuture.URL.relatedEntities.RelatedCountries.typeStringRecorded Future Related Type
RecordedFuture.URL.relatedEntities.RelatedHash.countNumberRecorded Future Related Count
RecordedFuture.URL.relatedEntities.RelatedHash.idStringRecorded Future Related ID
RecordedFuture.URL.relatedEntities.RelatedHash.nameStringRecorded Future Related Name
RecordedFuture.URL.relatedEntities.RelatedHash.typeStringRecorded Future Related Type
RecordedFuture.URL.relatedEntities.RelatedTechnology.countNumberRecorded Future Related Count
RecordedFuture.URL.relatedEntities.RelatedTechnology.idStringRecorded Future Related ID
RecordedFuture.URL.relatedEntities.RelatedTechnology.nameStringRecorded Future Related Name
RecordedFuture.URL.relatedEntities.RelatedTechnology.typeStringRecorded Future Related Type
RecordedFuture.URL.relatedEntities.RelatedEmailAddress.countNumberRecorded Future Related Count
RecordedFuture.URL.relatedEntities.RelatedEmailAddress.idStringRecorded Future Related ID
RecordedFuture.URL.relatedEntities.RelatedEmailAddress.nameStringRecorded Future Related Name
RecordedFuture.URL.relatedEntities.RelatedEmailAddress.typeStringRecorded Future Related Type
RecordedFuture.URL.relatedEntities.RelatedAttackVector.countNumberRecorded Future Related Count
RecordedFuture.URL.relatedEntities.RelatedAttackVector.idStringRecorded Future Related ID
RecordedFuture.URL.relatedEntities.RelatedAttackVector.nameStringRecorded Future Related Name
RecordedFuture.URL.relatedEntities.RelatedAttackVector.typeStringRecorded Future Related Type
RecordedFuture.URL.relatedEntities.RelatedMalwareCategory.countNumberRecorded Future Related Count
RecordedFuture.URL.relatedEntities.RelatedMalwareCategory.idStringRecorded Future Related ID
RecordedFuture.URL.relatedEntities.RelatedMalwareCategory.nameStringRecorded Future Related Name
RecordedFuture.URL.relatedEntities.RelatedMalwareCategory.typeStringRecorded Future Related Type
RecordedFuture.URL.relatedEntities.RelatedOperations.countNumberRecorded Future Related Count
RecordedFuture.URL.relatedEntities.RelatedOperations.idStringRecorded Future Related ID
RecordedFuture.URL.relatedEntities.RelatedOperations.nameStringRecorded Future Related Name
RecordedFuture.URL.relatedEntities.RelatedOperations.typeStringRecorded Future Related Type
RecordedFuture.URL.relatedEntities.RelatedCompany.countNumberRecorded Future Related Count
RecordedFuture.URL.relatedEntities.RelatedCompany.idStringRecorded Future Related ID
RecordedFuture.URL.relatedEntities.RelatedCompany.nameStringRecorded Future Related Name
RecordedFuture.URL.relatedEntities.RelatedCompany.typeStringRecorded Future Related Type

Command Example

!recordedfuture-intelligence entity_type="ip" entity="8.8.8.8"

Context Example

{
"DBotScore": [
{
"Indicator": "8.8.8.8",
"Score": 0,
"Type": "ip",
"Vendor": "Recorded Future"
},
{
"Indicator": "8.8.8.4",
"Score": 2,
"Type": "ip",
"Vendor": "Recorded Future"
},
{
"Indicator": "8.8.8.5",
"Score": 2,
"Type": "ip",
"Vendor": "Recorded Future"
}
],
"IP": [
{
"ASN": "AS15169",
"Address": "8.8.8.8",
"Geo": {
"Country": "United States"
}
},
{
"Address": "8.8.8.4"
},
{
"Address": "8.8.8.5"
}
],
"RecordedFuture": {
"IP": {
"criticality": 0,
"criticalityLabel": "None",
"evidenceDetails": [],
"firstSeen": "2010-04-27T12:46:51.000Z",
"id": "ip:8.8.8.8",
"intelCard": "https://app.recordedfuture.com/live/sc/entity/ip%3A8.8.8.8",
"lastSeen": "2020-06-12T16:25:09.211Z",
"location": {
"asn": "AS15169",
"cidr": {
"id": "ip:8.8.8.0/24",
"name": "8.8.8.0/24",
"type": "IpAddress"
},
"location": {
"city": "Mountain View",
"continent": "North America",
"country": "United States"
},
"organization": "GOOGLE"
},
"metrics": [
{
"type": "pasteHits",
"value": 324743
},
{
"type": "darkWebHits",
"value": 53564
},
{
"type": "criticality",
"value": 0
},
{
"type": "publicSubscore",
"value": 0
},
{
"type": "undergroundForumHits",
"value": 1837
},
{
"type": "maliciousHits",
"value": 462511
},
{
"type": "technicalReportingHits",
"value": 9074924
},
{
"type": "infoSecHits",
"value": 9065751
},
{
"type": "totalHits",
"value": 9576010
},
{
"type": "sixtyDaysHits",
"value": 96554
},
{
"type": "oneDayHits",
"value": 169
},
{
"type": "c2Subscore",
"value": 0
},
{
"type": "phishingSubscore",
"value": 0
},
{
"type": "socialMediaHits",
"value": 71547
},
{
"type": "sevenDaysHits",
"value": 5819
}
],
"name": "8.8.8.8",
"relatedEntities": [
{
"RelatedMalwareCategory": [
{
"count": 143770,
"id": "0efpT",
"name": "Trojan",
"type": "MalwareCategory"
},
{
"count": 100993,
"id": "J31vQ6",
"name": "Banking Trojan",
"type": "MalwareCategory"
}
]
},
{
"RelatedCyberVulnerability": [
{
"count": 11,
"id": "LBbHYm",
"name": "CWE-78",
"type": "CyberVulnerability"
},
{
"count": 11,
"id": "LpTCYV",
"name": "CVE-2014-6271",
"type": "CyberVulnerability"
}
]
},
{
"RelatedHash": [
{
"count": 573,
"id": "hash:00e9fb5ad26e87ce2abc2a7de0789ebb1a38bf0d28ae175662f67d4b16237b67",
"name": "00e9fb5ad26e87ce2abc2a7de0789ebb1a38bf0d28ae175662f67d4b16237b67",
"type": "Hash"
},
{
"count": 148,
"id": "hash:cef615ee419d513c68e67780a08fd52a6e9c23d189cf4b85d3ba5efbee7a48e6",
"name": "cef615ee419d513c68e67780a08fd52a6e9c23d189cf4b85d3ba5efbee7a48e6",
"type": "Hash"
}
]
},
{
"RelatedIpAddress": [
{
"count": 1352680,
"id": "ip:8.8.4.4",
"name": "8.8.4.4",
"type": "IpAddress"
},
{
"count": 158918,
"id": "ip:1.2.3.4",
"name": "1.2.3.4",
"type": "IpAddress"
}
]
},
{
"RelatedThreatActor": [
{
"count": 159,
"id": "I2QcS_",
"name": "Anonymous",
"type": "Organization"
}
]
},
],
"riskString": "0/51",
"riskSummary": "No Risk Rules are currently observed.",
"riskyCIDRIPs": [
{
"ip": {
"id": "ip:8.8.8.4",
"name": "8.8.8.4",
"type": "IpAddress"
},
"score": 24
},
{
"ip": {
"id": "ip:8.8.8.5",
"name": "8.8.8.5",
"type": "IpAddress"
},
"score": 24
}
],
"rules": 0,
"score": 0,
"threatLists": [
{
"description": "This list consists of DNS public or open DNS servers and is an absolute white list for Risk Scoring.",
"id": "report:Uz6vFG",
"name": "DNS Server List (White List)",
"type": "EntityList"
}
],
"type": "IpAddress"
}
}
}

Human Readable Output

Recorded Future IP Intelligence for 8.8.8.8

Risk Score: 0 Summary: No Risk Rules are currently observed. Criticality label: None Total references to this entity: 9576010 ASN and Geolocation AS Number: AS15169 AS Name: GOOGLE CIDR: 8.8.8.0/24 Geolocation (city): Mountain View Geolocation (country): United States First reference collected on: 2010-04-27 12:46:51 Latest reference collected on: 2020-06-12 16:25:09 Intelligence Card

Triggered Risk Rules

No entries.

Threat Lists

Threat List NameDescription
DNS Server List (White List)This list consists of DNS public or open DNS servers and is an absolute white list for Risk Scoring.