RecordedFutureIPRiskList

Extracts the IP address risk list from the recorded future and creates indicators accordingly.

Script Data


NameDescription
Script Typepython
TagsRecordedFuture

Inputs


Argument NameDescription
listSpecifies an IP address list by a risk rule name. This can be retrieved with the get-ip-riskrules command.
thresholdThe minimum threshold score to consider indicators as malicious (65-99, greater than or equal to).
delete_existingWhether to delete the existing recorded future malicious IP address indicators.

Outputs


PathDescriptionType
InfoFile.NameThe name of the file.string
InfoFile.EntryIDThe entry ID of the file.string
InfoFile.Sizethe size of the file.number
InfoFile.TypeThe type of the file. For example, "PE".string
InfoFile.InfoThe basic information of the file.string
InfoFile.ExtensionThe extension of the file.string