Recorded Future File Reputation

File reputation using Recorded Future SOAR Enrichment

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

This playbook does not use any sub-playbooks.

Integrations

  • Recorded Future v2

Scripts

This playbook does not use any scripts.

Commands

  • file

Playbook Inputs


NameDescriptionDefault ValueRequired
MD5File MD5 hash to get reputation of.File.MD5Optional
SHA256File SHA-256 hash to get reputation of.File.SHA256Optional
SHA1File SHA-1 hash to get reputation of.File.SHA1Optional

Playbook Outputs


PathDescriptionType
DBotScore.IndicatorThe indicator that was testedstring
DBotScore.TypeIndicator typestring
DBotScore.VendorVendor used to calculate the scorestring
DBotScore.ScoreThe actual scorenumber
File.SHA256File SHA-256string
File.SHA512File SHA-512string
File.SHA1File SHA-1string
File.MD5File MD5string
File.CRC32File CRC32string
File.CTPHFile CTPHstring
File.Malicious.VendorFor malicious files, the vendor that made the decisionstring
File.Malicious.DescriptionFor malicious files, the reason that the vendor made the decisionstring
RecordedFuture.File.riskScoreRecorded Future Hash Risk Scorenumber
RecordedFuture.File.riskLevelRecorded Future Hash Risk Levelstring
RecordedFuture.File.Evidence.ruleRecorded Risk Rule Namestring
RecordedFuture.File.Evidence.mitigationRecorded Risk Rule Mitigationstring
RecordedFuture.File.Evidence.descriptionRecorded Risk Rule descriptionstring
RecordedFuture.File.Evidence.timestampRecorded Risk Rule timestampdate
RecordedFuture.File.Evidence.levelRecorded Risk Rule Levelnumber
RecordedFuture.File.Evidence.ruleidRecorded Risk Rule IDstring
RecordedFuture.File.nameHashstring
RecordedFuture.File.maxRulesMaximum count of Recorded Future Hash Risk Rulesnumber
RecordedFuture.File.ruleCountNumber of triggered Recorded Future Hash Risk Rulesnumber

Playbook Image


Recorded Future File Reputation