Recorded Future Threat Assessment

Threat Assessment using the Recorded Future SOAR Triage API and the context Phishing.

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

This playbook does not use any sub-playbooks.

Integrations

  • Recorded Future v2

Scripts

This playbook does not use any scripts.

Commands

  • recordedfuture-threat-assessment

Playbook Inputs


NameDescriptionDefault ValueRequired
CVECVE ID to check if it is related to the C2 context.CVE.IDOptional
IPIP Address to check if it is related to the C2 context.IP.AddressOptional
URLURL to check if it is related to the C2 context.URL.DataOptional
MD5MD5 to check if it is related to the C2 context.File.MD5Optional
SHA1SHA-1 to check if it is related to the C2 context.File.SHA1Optional
SHA256SHA-256 to check if it is related to the C2 context.File.SHA256Optional
DomainDomain to check if it is related to the C2 context.Domain.NameOptional
threat-assessment-contextContext to use for assessment. This is used by Recorded Future to calculate the relevant score and verdict. Valid values are "c2", "malware" and "phishing".phishingRequired

Playbook Outputs


PathDescriptionType
DBotScore.IndicatorThe indicator that was testedstring
DBotScore.TypeIndicator typestring
DBotScore.VendorVendor used to calculate the scorestring
DBotScore.ScoreThe actual scorenumber
File.SHA256File SHA-256string
File.SHA512File SHA-512string
File.SHA1File SHA-1string
File.MD5File MD5string
File.CRC32File CRC32string
File.CTPHFile CTPHstring
IP.AddressIP addressstring
IP.ASNASNstring
IP.Geo.CountryIP Geolocation Countrystring
Domain.NameDomain namestring
URL.DataURL namestring
CVE.IDVulnerability namestring
RecordedFuture.verdictRecorded Future verdictboolean
RecordedFuture.contextThreat Assessment Contextstring
RecordedFuture.riskScoreRecorded Future Max Scorenumber
RecordedFuture.Entities.idEntity IDstring
RecordedFuture.Entities.nameEntity Namestring
RecordedFuture.Entities.typeEntity Typestring
RecordedFuture.Entities.scoreEntity Scorestring
RecordedFuture.Entities.Evidence.ruleidRecorded Future Risk Rule IDstring
RecordedFuture.Entities.Evidence.timestampRecorded Future Evidence Timestampdate
RecordedFuture.Entities.Evidence.mitigationRecorded Future Evidence Mitigationstring
RecordedFuture.Entities.Evidence.descriptionRecorded Future Evidence Descriptionstring
RecordedFuture.Entities.Evidence.ruleRecorded Future Risk Rulestring
RecordedFuture.Entities.Evidence.levelRecorded Future Risk Rule Levelnumber

Playbook Image


Recorded Future Threat Assessment