Skip to main content

Recorded Future v2

This Integration is part of the Recorded Future Intelligence Pack.#

Supported versions

Available on Cortex XSOAR and Cortex XSIAM.

Unique threat intel technology that automatically serves up relevant insights in real time. This integration was integrated and tested with version 2.4.3 of Recorded Future v2

Some changes have been made that might affect your existing content. If you are upgrading from a previous version of this integration, see Breaking Changes.

Configure Recorded Future v2 in Cortex#

ParameterDescriptionRequired
Server URL (e.g., https://api.recordedfuture.com/gw/xsoar/)True
API TokenTrue
File Suspicious ThresholdMinimum risk score from Recorded Future to consider the file suspicious.False
File Malicious ThresholdMinimum risk score from Recorded Future to consider the file malicious.False
CVE Suspicious ThresholdMinimum risk score from Recorded Future to consider the CVE suspicious.False
CVE Malicious ThresholdMinimum risk score from Recorded Future to consider the CVE malicious.False
IP Suspicious ThresholdMinimum risk score from Recorded Future to consider the IP suspicious.False
IP Malicious ThresholdMinimum risk score from Recorded Future to consider the IP malicious.False
Domain Suspicious ThresholdMinimum risk score from Recorded Future to consider the domain suspicious.False
Domain Malicious ThresholdMinimum risk score from Recorded Future to consider the domain malicious.False
URL Suspicious ThresholdMinimum risk score from Recorded Future to consider the URL suspicious.False
URL Malicious ThresholdMinimum risk score from Recorded Future to consider the URL malicious.False
Vulnerability ThresholdMinimum risk score from Recorded Future to consider the vulnerability critical.False
Collective InsightsThe Recorded Future Intelligence Cloud aggregates data related to indicators, driving collective insights to better identify threats. Anonymized data is collected for analytical purposes to identify trends and insights with the Intelligence Cloud. Go to the Recorded Future support site to learn more about Collective Insights.True
Trust any certificate (not secure)False
Use system proxy settingsFalse
Fetch incidentsFalse
Rule names to fetch alerts byRule names to fetch alerts by, separated by semicolon. If empty, all alerts will be fetched.False
Alert Statuses to include in the fetchComma-separated alert statuses (e.g. "unassigned,assigned,pending,actionable,no-action,tuning"). If empty, the default value of "no-action" will be used.False
Update alert status on fetch.If selected, alerts with a status of 'no-action' will be updated to 'pending' once fetched by the integration.False
First fetch timeFormat: <number> <time unit>, e.g., "12 hours", "7 days", "3 months", "1 year".False
Incident typeFalse
Maximum number of incidents per fetchFalse
Source ReliabilityReliability of the source providing the intelligence data.False
False
Incidents Fetch IntervalFalse
Incidents Fetch IntervalFalse

Commands#

You can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

domain#

Gets a quick indicator of the risk associated with a domain.

Base Command#

domain

Input#

Argument NameDescriptionRequired
domainThe domain for which to get the reputation.Required

Context Output#

PathTypeDescription
DBotScore.IndicatorstringThe indicator that was tested.
DBotScore.TypestringThe indicator type.
DBotScore.VendorstringThe vendor used to calculate the score.
DBotScore.ScorenumberThe actual score.
Domain.Malicious.VendorstringFor malicious domains, the vendor that made the decision.
Domain.Malicious.DescriptionstringFor malicious Domains, the reason that the vendor made the decision.
Domain.NamestringDomain name.
RecordedFuture.Domain.riskScorenumberRecorded Future domain risk score.
RecordedFuture.Domain.riskLevelstringRecorded Future domain risk level.
RecordedFuture.Domain.Evidence.rulestringRecorded Future risk rule name.
RecordedFuture.Domain.Evidence.mitigationstringRecorded Future risk rule mitigation.
RecordedFuture.Domain.Evidence.descriptionstringRecorded Future risk rule description.
RecordedFuture.Domain.Evidence.timestampdateRecorded Future risk rule timestamp.
RecordedFuture.Domain.Evidence.levelnumberRecorded Future risk rule level.
RecordedFuture.Domain.Evidence.ruleidstringRecorded Future risk rule ID.
RecordedFuture.Domain.namestringDomain name.
RecordedFuture.Domain.maxRulesnumberMaximum number of Recorded Future domain risk rules.
RecordedFuture.Domain.rulesstringAll the rules concatenated by comma.
RecordedFuture.Domain.ruleCountnumberNumber of triggered Recorded Future domain risk rules.

ip#

Gets a quick indicator of the risk associated with an IP address.

Base Command#

ip

Input#

Argument NameDescriptionRequired
ipIP address for which to get the reputation.Required

Context Output#

PathTypeDescription
DBotScore.IndicatorstringThe indicator that was tested.
DBotScore.TypestringThe indicator type.
DBotScore.VendorstringThe vendor used to calculate the score.
DBotScore.ScorenumberThe actual score.
IP.Malicious.VendorstringFor malicious IP addresses, the vendor that made the decision.
IP.Malicious.DescriptionstringFor malicious IP addresses, the reason that the vendor made the decision.
IP.AddressstringIP address.
RecordedFuture.IP.riskScorenumberRecorded Future IP risk score.
RecordedFuture.IP.riskLevelstringRecorded Future IP risk level.
RecordedFuture.IP.Evidence.rulestringRecorded Future risk rule name.
RecordedFuture.IP.Evidence.mitigationstringRecorded Future risk rule mitigation.
RecordedFuture.IP.Evidence.descriptionstringRecorded Future risk rule description.
RecordedFuture.IP.Evidence.timestampdateRecorded Future risk rule timestamp.
RecordedFuture.IP.Evidence.levelnumberRecorded Future risk rule level.
RecordedFuture.IP.Evidence.ruleidstringRecorded Future risk rule ID.
RecordedFuture.IP.namestringIP address.
RecordedFuture.IP.maxRulesnumberMaximum number of Recorded Future IP risk rules.
RecordedFuture.IP.rulesstringAll the rules concatenated by comma.
RecordedFuture.IP.ruleCountnumberNumber of triggered Recorded Future IP risk rules.

file#

Gets a quick indicator of the risk associated with a file.

Base Command#

file

Input#

Argument NameDescriptionRequired
fileFile hash for which to check the reputation. Can be an MD5, SHA1, SHA256, SHA512, CRC32 or CTPH.Required

Context Output#

PathTypeDescription
DBotScore.IndicatorstringThe indicator that was tested.
DBotScore.TypestringThe indicator type.
DBotScore.VendorstringThe vendor used to calculate the score.
DBotScore.ScorenumberThe actual score.
File.SHA256stringSHA-256 hash of the file.
File.SHA512stringSHA-512 hash of the file.
File.SHA1stringSHA-1 hash of the file.
File.MD5stringMD5 hash of the file.
File.CRC32stringCRC32 hash of the file.
File.CTPHstringCTPH hash of the file.
File.Malicious.VendorstringFor malicious files, the vendor that made the decision.
File.Malicious.DescriptionstringFor malicious files, the reason that the vendor made the decision.
RecordedFuture.File.riskScorenumberRecorded Future hash risk score.
RecordedFuture.File.riskLevelstringRecorded Future hash risk level.
RecordedFuture.File.Evidence.rulestringRecorded Future risk rule name.
RecordedFuture.File.Evidence.mitigationstringRecorded Future risk rule mitigation.
RecordedFuture.File.Evidence.descriptionstringRecorded Future risk rule description.
RecordedFuture.File.Evidence.timestampdateRecorded Future risk rule timestamp.
RecordedFuture.File.Evidence.levelnumberRecorded Future risk rule level.
RecordedFuture.File.Evidence.ruleidstringRecorded Future risk rule ID.
RecordedFuture.File.namestringFile name.
RecordedFuture.File.maxRulesnumberMaximum number of Recorded Future hash risk rules.
RecordedFuture.File.rulesstringAll the rules concatenated by comma.
RecordedFuture.File.ruleCountnumberNumber of triggered Recorded Future hash risk rules.

cve#

Gets a quick indicator of the risk associated with a CVE.

Base Command#

cve

Input#

Argument NameDescriptionRequired
cveCVE for which to get the reputation.Required

Context Output#

PathTypeDescription
DBotScore.IndicatorstringThe indicator that was tested.
DBotScore.TypestringThe indicator type.
DBotScore.VendorstringThe vendor used to calculate the score.
DBotScore.ScorenumberThe actual score.
CVE.IDstringVulnerability name.
RecordedFuture.CVE.riskScorenumberRecorded Future vulnerability risk score.
RecordedFuture.CVE.riskLevelstringRecorded Future vulnerability risk level.
RecordedFuture.CVE.Evidence.rulestringRecorded Future risk rule name.
RecordedFuture.CVE.Evidence.mitigationstringRecorded Future risk rule mitigation.
RecordedFuture.CVE.Evidence.descriptionstringRecorded Future risk rule description.
RecordedFuture.CVE.Evidence.timestampdateRecorded Future risk rule timestamp.
RecordedFuture.CVE.Evidence.levelnumberRecorded Future risk rule level.
RecordedFuture.CVE.Evidence.ruleidstringRecorded Future risk rule ID.
RecordedFuture.CVE.namestringCVE name.
RecordedFuture.CVE.maxRulesnumberMaximum number of Recorded Future vulnerability risk rules.
RecordedFuture.CVE.rulesstringAll the rules concatenated by comma.
RecordedFuture.CVE.ruleCountnumberNumber of triggered Recorded Future vulnerability risk rules.

url#

Gets a quick indicator of the risk associated with a URL.

Base Command#

url

Input#

Argument NameDescriptionRequired
urlURL for which to get the reputation.Required

Context Output#

PathTypeDescription
DBotScore.IndicatorstringThe indicator that was tested.
DBotScore.TypestringThe indicator type.
DBotScore.VendorstringThe vendor used to calculate the score.
DBotScore.ScorenumberThe actual score.
URL.Malicious.VendorstringFor malicious URLs, the vendor that made the decision.
URL.Malicious.DescriptionstringFor malicious URLs, the reason that the vendor made the decision.
URL.DatastringURL name.
RecordedFuture.URL.riskScorenumberRecorded Future URL risk score.
RecordedFuture.URL.riskLevelstringRecorded Future URL risk level.
RecordedFuture.URL.Evidence.rulestringRecorded Risk rule name.
RecordedFuture.URL.Evidence.mitigationstringRecorded Risk rule mitigation.
RecordedFuture.URL.Evidence.descriptionstringRecorded Risk rule description.
RecordedFuture.URL.Evidence.timestampdateRecorded Risk rule timestamp.
RecordedFuture.URL.Evidence.levelnumberRecorded Risk rule level.
RecordedFuture.URL.Evidence.ruleidstringRecorded Risk rule ID.
RecordedFuture.URL.namestringURL name.
RecordedFuture.URL.maxRulesnumberMaximum number of Recorded Future URL risk rules.
RecordedFuture.URL.rulesstringAll the rules concatenated by comma.
RecordedFuture.URL.ruleCountnumberNumber of triggered Recorded Future URL risk rules.

recordedfuture-threat-assessment#

Get an indicator of the risk based on context.

Base Command#

recordedfuture-threat-assessment

Input#

Argument NameDescriptionRequired
contextContext to use for the assessment. This is used by Recorded Future to calculate the relevant score and verdict. Can be "c2", "malware", or "phishing". Possible values are: c2, malware, phishing.Required
ipIP addresses to check if they are related to the selected context.Optional
domainDomains to check if they are related to the selected context.Optional
fileFile hashes to check if they are related to the selected context.Optional
urlURLs to check if they are related to the selected context.Optional
cveCVEs to check if they are related to the selected context.Optional
filterWill filter out entities that have zero as score. Possible values are: yes, no.Optional

Context Output#

PathTypeDescription
DBotScore.IndicatorstringThe indicator that was tested.
DBotScore.TypestringIndicator type.
DBotScore.VendorstringVendor used to calculate the score.
DBotScore.ScorenumberThe actual score.
File.SHA256stringSHA-256 hash of the file.
File.SHA512stringSHA-512 hash of the file.
File.SHA1stringSHA-1 hash of the file.
File.MD5stringMD5 hash of the file.
File.CRC32stringCRC32 hash of the file.
File.CTPHstringCTPH hash of the file.
IP.AddressstringIP address.
IP.ASNstringASN.
IP.Geo.CountrystringIP address geolocation country.
Domain.NamestringDomain name.
URL.DatastringURL name.
CVE.IDstringVulnerability name.
RecordedFuture.verdictbooleanRecorded Future verdict.
RecordedFuture.contextstringThreat assessment context.
RecordedFuture.riskScorenumberRecorded Future maximum risk score.
RecordedFuture.Entities.idstringRecorded Future entity ID.
RecordedFuture.Entities.namestringRecorded Future entity name.
RecordedFuture.Entities.typestringRecorded Future entity type.
RecordedFuture.Entities.scorestringRecorded Future entity score.
RecordedFuture.Entities.contextstringContains the current context if there is evidence.
RecordedFuture.Entities.Evidence.ruleidstringRecorded Future risk rule ID.
RecordedFuture.Entities.Evidence.timestampdateRecorded Future evidence timestamp.
RecordedFuture.Entities.Evidence.mitigationstringRecorded Future evidence mitigation.
RecordedFuture.Entities.Evidence.descriptionstringRecorded Future evidence description.
RecordedFuture.Entities.Evidence.rulestringRecorded Future risk rule.
RecordedFuture.Entities.Evidence.levelnumberRecorded Future risk rule level.

recordedfuture-intelligence#

Get threat intelligence for an IP, Domain, CVE, URL, File or Malware.

Base Command#

recordedfuture-intelligence

Input#

Argument NameDescriptionRequired
profileDepending on what profile you choose you will get different related entities matching the given profile. Possible values are: All, Threat Hunter, SecOp Analyst, TI Analyst, Vulnerability Analyst. Default is All.Optional
entity_typeThe type of entity for which to fetch context. Should be provided with its value in entityValue argument. Can be "domain", "ip", "file", "url", "cve", or "malware". Possible values are: domain, ip, file, url, cve, malware.Required
entityThe value of the entity for which to fetch context. Should be provided with its type in entity_type argument. Supported hash types: MD5, SHA1, SHA256, SHA512, CRC32, and CTPH. Vulnerability supports CVEs.Required
fetch_related_entitiesWhether to fetch related entity data. Can be "yes" or "no". Possible values are: yes, no.Optional
fetch_analyst_notesWhether to fetch analyst notes. Can be "yes" or "no". Possible values are: yes, no. Default is no.Optional
fetch_riskyCIDRipsWhether risk scores for other IP addresses within the same CIDR should be fetched (only for IP intelligence). Can be "yes" or "no". Possible values are: no, yes. Default is no.Optional

Context Output#

PathTypeDescription
DBotScore.IndicatorstringThe indicator that was tested.
DBotScore.TypestringIndicator type.
DBotScore.VendorstringVendor used to calculate the score.
DBotScore.ScorenumberThe actual score.
File.SHA256stringSHA-256 hash of the file.
File.SHA512stringSHA-512 hash of the file.
File.SHA1stringSHA-1 hash of the file.
File.MD5stringMD5 hash of the file.
File.CRC32stringCRC32 hash of the file.
File.CTPHstringCTPH hash of the file.
IP.AddressstringIP address.
IP.ASNstringASN.
IP.Geo.CountrystringIP address geolocation country.
Domain.NamestringDomain name.
URL.DatastringURL name.
CVE.IDstringVulnerability name.
RecordedFuture.IP.criticalitynumberRisk criticality.
RecordedFuture.IP.criticalityLabelstringRisk criticality label.
RecordedFuture.IP.riskStringstringRisk string.
RecordedFuture.IP.riskSummarystringRisk summary.
RecordedFuture.IP.rulesstringRisk rules.
RecordedFuture.Ip.concatRulesstringAll risk rules concatenated by comma.
RecordedFuture.IP.scorenumberRisk score.
RecordedFuture.IP.firstSeendateEvidence first seen date.
RecordedFuture.IP.lastSeendateEvidence last seen date.
RecordedFuture.IP.intelCardstringRecorded Future intelligence card URL.
RecordedFuture.IP.typestringRecorded Future entity type.
RecordedFuture.IP.namestringRecorded Future entity name.
RecordedFuture.IP.idstringRecorded Future entity ID.
RecordedFuture.IP.location.asnstringASN number.
RecordedFuture.IP.location.cidr.idstringRecorded Future CIDR ID.
RecordedFuture.IP.location.cidr.namestringCIDR name.
RecordedFuture.IP.location.cidr.typestringCIDR type.
RecordedFuture.IP.location.location.citystringIP address geolocation city.
RecordedFuture.IP.location.location.continentstringIP address geolocation continent.
RecordedFuture.IP.location.location.countrystringIP address geolocation country.
RecordedFuture.IP.location.organizationstringIP address geolocation organization.
RecordedFuture.IP.metrics.typestringRecorded Future metrics type.
RecordedFuture.IP.metrics.valuenumberRecorded Future metrics value.
RecordedFuture.IP.threatLists.descriptionstringRecorded Future threat list description.
RecordedFuture.IP.threatLists.idstringRecorded Future threat list ID.
RecordedFuture.IP.threatLists.namestringRecorded Future threat list name.
RecordedFuture.IP.threatLists.typestringRecorded Future threat list type.
RecordedFuture.IP.relatedEntities.RelatedAttacker.countnumberRecorded Future related attacker count.
RecordedFuture.IP.relatedEntities.RelatedAttacker.idstringRecorded Future related attacker ID.
RecordedFuture.IP.relatedEntities.RelatedAttacker.namestringRecorded Future related attacker name.
RecordedFuture.IP.relatedEntities.RelatedAttacker.typestringRecorded Future related attacker type.
RecordedFuture.IP.relatedEntities.RelatedTarget.countnumberRecorded Future related target count.
RecordedFuture.IP.relatedEntities.RelatedTarget.idstringRecorded Future related target ID.
RecordedFuture.IP.relatedEntities.RelatedTarget.namestringRecorded Future related target name.
RecordedFuture.IP.relatedEntities.RelatedTarget.typestringRecorded Future related target type.
RecordedFuture.IP.relatedEntities.RelatedThreatActor.countnumberRecorded Future related threat actor count.
RecordedFuture.IP.relatedEntities.RelatedThreatActor.idstringRecorded Future related threat actor ID.
RecordedFuture.IP.relatedEntities.RelatedThreatActor.namestringRecorded Future related threat actor name.
RecordedFuture.IP.relatedEntities.RelatedThreatActor.typestringRecorded Future related threat actor type.
RecordedFuture.IP.relatedEntities.RelatedMalware.countnumberRecorded Future related malware count.
RecordedFuture.IP.relatedEntities.RelatedMalware.idstringRecorded Future related malware ID.
RecordedFuture.IP.relatedEntities.RelatedMalware.namestringRecorded Future related malware name.
RecordedFuture.IP.relatedEntities.RelatedMalware.typestringRecorded Future related malware type.
RecordedFuture.IP.relatedEntities.RelatedCyberVulnerability.countnumberRecorded Future related vulnerability count.
RecordedFuture.IP.relatedEntities.RelatedCyberVulnerability.idstringRecorded Future related vulnerability ID.
RecordedFuture.IP.relatedEntities.RelatedCyberVulnerability.namestringRecorded Future related vulnerability name.
RecordedFuture.IP.relatedEntities.RelatedCyberVulnerability.typestringRecorded Future related vulnerability type.
RecordedFuture.IP.relatedEntities.RelatedIpAddress.countnumberRecorded Future related IP address count.
RecordedFuture.IP.relatedEntities.RelatedIpAddress.idstringRecorded Future related IP address ID.
RecordedFuture.IP.relatedEntities.RelatedIpAddress.namestringRecorded Future related IP address name.
RecordedFuture.IP.relatedEntities.RelatedIpAddress.typestringRecorded Future related IP address type.
RecordedFuture.IP.relatedEntities.RelatedInternetDomainName.countnumberRecorded Future related domain name count.
RecordedFuture.IP.relatedEntities.RelatedInternetDomainName.idstringRecorded Future related domain name ID.
RecordedFuture.IP.relatedEntities.RelatedInternetDomainName.namestringRecorded Future related domain name name.
RecordedFuture.IP.relatedEntities.RelatedInternetDomainName.typestringRecorded Future related domain name type.
RecordedFuture.IP.relatedEntities.RelatedProduct.countnumberRecorded Future related product count.
RecordedFuture.IP.relatedEntities.RelatedProduct.idstringRecorded Future related product ID.
RecordedFuture.IP.relatedEntities.RelatedProduct.namestringRecorded Future related product name.
RecordedFuture.IP.relatedEntities.RelatedProduct.typestringRecorded Future related product type.
RecordedFuture.IP.relatedEntities.RelatedCountries.countnumberRecorded Future related countries count.
RecordedFuture.IP.relatedEntities.RelatedCountries.idstringRecorded Future related countries ID.
RecordedFuture.IP.relatedEntities.RelatedCountries.namestringRecorded Future related countries name.
RecordedFuture.IP.relatedEntities.RelatedCountries.typestringRecorded Future related countries type.
RecordedFuture.IP.relatedEntities.RelatedHash.countnumberRecorded Future related hash count.
RecordedFuture.IP.relatedEntities.RelatedHash.idstringRecorded Future related hash ID.
RecordedFuture.IP.relatedEntities.RelatedHash.namestringRecorded Future related hash name.
RecordedFuture.IP.relatedEntities.RelatedHash.typestringRecorded Future related hash type.
RecordedFuture.IP.relatedEntities.RelatedTechnology.countnumberRecorded Future related technology count.
RecordedFuture.IP.relatedEntities.RelatedTechnology.idstringRecorded Future related technology ID.
RecordedFuture.IP.relatedEntities.RelatedTechnology.namestringRecorded Future related technology name.
RecordedFuture.IP.relatedEntities.RelatedTechnology.typestringRecorded Future related technology type.
RecordedFuture.IP.relatedEntities.RelatedEmailAddress.countnumberRecorded Future related email address count.
RecordedFuture.IP.relatedEntities.RelatedEmailAddress.idstringRecorded Future related email address ID.
RecordedFuture.IP.relatedEntities.RelatedEmailAddress.namestringRecorded Future related email address name.
RecordedFuture.IP.relatedEntities.RelatedEmailAddress.typestringRecorded Future related email address type.
RecordedFuture.IP.relatedEntities.RelatedAttackVector.countnumberRecorded Future related attack vector count.
RecordedFuture.IP.relatedEntities.RelatedAttackVector.idstringRecorded Future related attack vector ID.
RecordedFuture.IP.relatedEntities.RelatedAttackVector.namestringRecorded Future related attack vector name.
RecordedFuture.IP.relatedEntities.RelatedAttackVector.typestringRecorded Future related attack vector type.
RecordedFuture.IP.relatedEntities.RelatedMalwareCategory.countnumberRecorded Future related malware category count.
RecordedFuture.IP.relatedEntities.RelatedMalwareCategory.idstringRecorded Future related malware category ID.
RecordedFuture.IP.relatedEntities.RelatedMalwareCategory.namestringRecorded Future related malware category name.
RecordedFuture.IP.relatedEntities.RelatedMalwareCategory.typestringRecorded Future related malware category type.
RecordedFuture.IP.relatedEntities.RelatedOperations.countnumberRecorded Future related operations count.
RecordedFuture.IP.relatedEntities.RelatedOperations.idstringRecorded Future related operations ID.
RecordedFuture.IP.relatedEntities.RelatedOperations.namestringRecorded Future related operations name.
RecordedFuture.IP.relatedEntities.RelatedOperations.typestringRecorded Future related operations type.
RecordedFuture.IP.relatedEntities.RelatedCompany.countnumberRecorded Future related company count.
RecordedFuture.IP.relatedEntities.RelatedCompany.idstringRecorded Future related company ID.
RecordedFuture.IP.relatedEntities.RelatedCompany.namestringRecorded Future related company name.
RecordedFuture.IP.relatedEntities.RelatedCompany.typestringRecorded Future related company type.
RecordedFuture.IP.analystNotes.attributes.context_entities.idstringRecorded Future analyst note context entity ID.
RecordedFuture.IP.analystNotes.attributes.context_entities.namestringRecorded Future analyst note context entity name.
RecordedFuture.IP.analystNotes.attributes.context_entities.typestringRecorded Future analyst note context entity type.
RecordedFuture.IP.analystNotes.attributes.note_entities.idstringRecorded Future analyst note entity ID.
RecordedFuture.IP.analystNotes.attributes.note_entities.namestringRecorded Future analyst note entity name.
RecordedFuture.IP.analystNotes.attributes.note_entities.typestringRecorded Future analyst note entity type.
RecordedFuture.IP.analystNotes.attributes.publisheddateRecorded Future analyst note publishing time.
RecordedFuture.IP.analystNotes.attributes.validated_ondateRecorded Future analyst note validation time.
RecordedFuture.IP.analystNotes.attributes.textstringRecorded Future analyst note content.
RecordedFuture.IP.analystNotes.attributes.titlestringRecorded Future analyst note title.
RecordedFuture.IP.analystNotes.attributes.topic.descriptionstringRecorded Future analyst note topic description.
RecordedFuture.IP.analystNotes.attributes.topic.idstringRecorded Future analyst note topic ID.
RecordedFuture.IP.analystNotes.attributes.topic.namestringRecorded Future analyst note topic name.
RecordedFuture.IP.analystNotes.attributes.topic.typestringRecorded Future analyst note topic type.
RecordedFuture.IP.analystNotes.attributes.validation_urls.idstringRecorded Future analyst note validation URL ID.
RecordedFuture.IP.analystNotes.attributes.validation_urls.namestringRecorded Future analyst note validation URL.
RecordedFuture.IP.analystNotes.attributes.validation_urls.typestringRecorded Future analyst note validation URL entity type.
RecordedFuture.IP.analystNotes.idstringRecorded Future analyst note ID.
RecordedFuture.IP.analystNotes.source.idstringRecorded Future analyst note source ID.
RecordedFuture.IP.analystNotes.source.namestringRecorded Future analyst note source name.
RecordedFuture.IP.analystNotes.source.typestringRecorded Future analyst note source type.
RecordedFuture.Domain.criticalitynumberRisk criticality.
RecordedFuture.Domain.criticalityLabelstringRisk criticality label.
RecordedFuture.Domain.riskStringstringRisk string.
RecordedFuture.Domain.riskSummarystringRisk summary.
RecordedFuture.Domain.rulesstringRisk rules.
RecordedFuture.Domain.concatRulesstringAll risk rules concatenated by comma.
RecordedFuture.Domain.scorenumberRisk score.
RecordedFuture.Domain.firstSeendateEvidence first seen date.
RecordedFuture.Domain.lastSeendateEvidence last seen.
RecordedFuture.Domain.intelCardstringRecorded Future intelligence card URL.
RecordedFuture.Domain.typestringRecorded Future entity type.
RecordedFuture.Domain.namestringRecorded Future entity name.
RecordedFuture.Domain.idstringRecorded Future entity ID.
RecordedFuture.Domain.metrics.typestringRecorded Future metrics type.
RecordedFuture.Domain.metrics.valuenumberRecorded Future metrics value.
RecordedFuture.Domain.threatLists.descriptionstringRecorded Future threat list description.
RecordedFuture.Domain.threatLists.idstringRecorded Future threat list ID.
RecordedFuture.Domain.threatLists.namestringRecorded Future threat list name.
RecordedFuture.Domain.threatLists.typestringRecorded Future threat list type.
RecordedFuture.Domain.relatedEntities.RelatedAttacker.countnumberRecorded Future related attacker count.
RecordedFuture.Domain.relatedEntities.RelatedAttacker.idstringRecorded Future related attacker ID.
RecordedFuture.Domain.relatedEntities.RelatedAttacker.namestringRecorded Future related attacker name.
RecordedFuture.Domain.relatedEntities.RelatedAttacker.typestringRecorded Future related attacker type.
RecordedFuture.Domain.relatedEntities.RelatedTarget.countnumberRecorded Future related target count.
RecordedFuture.Domain.relatedEntities.RelatedTarget.idstringRecorded Future related target ID.
RecordedFuture.Domain.relatedEntities.RelatedTarget.namestringRecorded Future related target name.
RecordedFuture.Domain.relatedEntities.RelatedTarget.typestringRecorded Future related target type.
RecordedFuture.Domain.relatedEntities.RelatedThreatActor.countnumberRecorded Future related threat actor count.
RecordedFuture.Domain.relatedEntities.RelatedThreatActor.idstringRecorded Future related threat actor ID.
RecordedFuture.Domain.relatedEntities.RelatedThreatActor.namestringRecorded Future related threat actor name.
RecordedFuture.Domain.relatedEntities.RelatedThreatActor.typestringRecorded Future related threat actor type.
RecordedFuture.Domain.relatedEntities.RelatedMalware.countnumberRecorded Future related malware count.
RecordedFuture.Domain.relatedEntities.RelatedMalware.idstringRecorded Future related malware ID.
RecordedFuture.Domain.relatedEntities.RelatedMalware.namestringRecorded Future related malware name.
RecordedFuture.Domain.relatedEntities.RelatedMalware.typestringRecorded Future related malware type.
RecordedFuture.Domain.relatedEntities.RelatedCyberVulnerability.countnumberRecorded Future related vulnerability count.
RecordedFuture.Domain.relatedEntities.RelatedCyberVulnerability.idstringRecorded Future related vulnerability ID.
RecordedFuture.Domain.relatedEntities.RelatedCyberVulnerability.namestringRecorded Future related vulnerability name.
RecordedFuture.Domain.relatedEntities.RelatedCyberVulnerability.typestringRecorded Future related vulnerability type.
RecordedFuture.Domain.relatedEntities.RelatedIpAddress.countnumberRecorded Future related IP address count.
RecordedFuture.Domain.relatedEntities.RelatedIpAddress.idstringRecorded Future related IP address ID.
RecordedFuture.Domain.relatedEntities.RelatedIpAddress.namestringRecorded Future related IP address name.
RecordedFuture.Domain.relatedEntities.RelatedIpAddress.typestringRecorded Future related IP address type.
RecordedFuture.Domain.relatedEntities.RelatedInternetDomainName.countnumberRecorded Future related domain name count.
RecordedFuture.Domain.relatedEntities.RelatedInternetDomainName.idstringRecorded Future related domain name ID.
RecordedFuture.Domain.relatedEntities.RelatedInternetDomainName.namestringRecorded Future related domain name name.
RecordedFuture.Domain.relatedEntities.RelatedInternetDomainName.typestringRecorded Future related domain name type.
RecordedFuture.Domain.relatedEntities.RelatedProduct.countnumberRecorded Future related product count.
RecordedFuture.Domain.relatedEntities.RelatedProduct.idstringRecorded Future related product ID.
RecordedFuture.Domain.relatedEntities.RelatedProduct.namestringRecorded Future related product name.
RecordedFuture.Domain.relatedEntities.RelatedProduct.typestringRecorded Future related product type.
RecordedFuture.Domain.relatedEntities.RelatedCountries.countnumberRecorded Future related countries count.
RecordedFuture.Domain.relatedEntities.RelatedCountries.idstringRecorded Future related countries ID.
RecordedFuture.Domain.relatedEntities.RelatedCountries.namestringRecorded Future related countries name.
RecordedFuture.Domain.relatedEntities.RelatedCountries.typestringRecorded Future related countries type.
RecordedFuture.Domain.relatedEntities.RelatedHash.countnumberRecorded Future related hash count.
RecordedFuture.Domain.relatedEntities.RelatedHash.idstringRecorded Future related hash ID.
RecordedFuture.Domain.relatedEntities.RelatedHash.namestringRecorded Future related hash name.
RecordedFuture.Domain.relatedEntities.RelatedHash.typestringRecorded Future related hash type.
RecordedFuture.Domain.relatedEntities.RelatedTechnology.countnumberRecorded Future related technology count.
RecordedFuture.Domain.relatedEntities.RelatedTechnology.idstringRecorded Future related technology ID.
RecordedFuture.Domain.relatedEntities.RelatedTechnology.namestringRecorded Future related technology name.
RecordedFuture.Domain.relatedEntities.RelatedTechnology.typestringRecorded Future related technology type.
RecordedFuture.Domain.relatedEntities.RelatedEmailAddress.countnumberRecorded Future related email address count.
RecordedFuture.Domain.relatedEntities.RelatedEmailAddress.idstringRecorded Future related email address ID.
RecordedFuture.Domain.relatedEntities.RelatedEmailAddress.namestringRecorded Future related email address name.
RecordedFuture.Domain.relatedEntities.RelatedEmailAddress.typestringRecorded Future related email address type.
RecordedFuture.Domain.relatedEntities.RelatedAttackVector.countnumberRecorded Future related attack vector count.
RecordedFuture.Domain.relatedEntities.RelatedAttackVector.idstringRecorded Future related attack vector ID.
RecordedFuture.Domain.relatedEntities.RelatedAttackVector.namestringRecorded Future related attack vector name.
RecordedFuture.Domain.relatedEntities.RelatedAttackVector.typestringRecorded Future related attack vector type.
RecordedFuture.Domain.relatedEntities.RelatedMalwareCategory.countnumberRecorded Future related malware category count.
RecordedFuture.Domain.relatedEntities.RelatedMalwareCategory.idstringRecorded Future related malware category ID.
RecordedFuture.Domain.relatedEntities.RelatedMalwareCategory.namestringRecorded Future related malware category name.
RecordedFuture.Domain.relatedEntities.RelatedMalwareCategory.typestringRecorded Future related malware category type.
RecordedFuture.Domain.relatedEntities.RelatedOperations.countnumberRecorded Future related operations count.
RecordedFuture.Domain.relatedEntities.RelatedOperations.idstringRecorded Future related operations ID.
RecordedFuture.Domain.relatedEntities.RelatedOperations.namestringRecorded Future related operations name.
RecordedFuture.Domain.relatedEntities.RelatedOperations.typestringRecorded Future related operations type.
RecordedFuture.Domain.relatedEntities.RelatedCompany.countnumberRecorded Future related company count.
RecordedFuture.Domain.relatedEntities.RelatedCompany.idstringRecorded Future related company ID.
RecordedFuture.Domain.relatedEntities.RelatedCompany.namestringRecorded Future related company name.
RecordedFuture.Domain.relatedEntities.RelatedCompany.typestringRecorded Future related company type.
RecordedFuture.Domain.analystNotes.attributes.context_entities.idstringRecorded Future analyst note context entity ID.
RecordedFuture.Domain.analystNotes.attributes.context_entities.namestringRecorded Future analyst note context entity name.
RecordedFuture.Domain.analystNotes.attributes.context_entities.typestringRecorded Future analyst note context entity type.
RecordedFuture.Domain.analystNotes.attributes.note_entities.idstringRecorded Future analyst note entity ID.
RecordedFuture.Domain.analystNotes.attributes.note_entities.namestringRecorded Future analyst note entity name.
RecordedFuture.Domain.analystNotes.attributes.note_entities.typestringRecorded Future analyst note entity type.
RecordedFuture.Domain.analystNotes.attributes.publisheddateRecorded Future analyst note publishing time.
RecordedFuture.Domain.analystNotes.attributes.validated_ondateRecorded Future analyst note validation time.
RecordedFuture.Domain.analystNotes.attributes.textstringRecorded Future analyst note content.
RecordedFuture.Domain.analystNotes.attributes.titlestringRecorded Future analyst note title.
RecordedFuture.Domain.analystNotes.attributes.topic.descriptionstringRecorded Future analyst note topic description.
RecordedFuture.Domain.analystNotes.attributes.topic.idstringRecorded Future analyst note topic ID.
RecordedFuture.Domain.analystNotes.attributes.topic.namestringRecorded Future analyst note topic name.
RecordedFuture.Domain.analystNotes.attributes.topic.typestringRecorded Future analyst note topic type.
RecordedFuture.Domain.analystNotes.attributes.validation_urls.idstringRecorded Future analyst note validation URL ID.
RecordedFuture.Domain.analystNotes.attributes.validation_urls.namestringRecorded Future analyst note validation URL.
RecordedFuture.Domain.analystNotes.attributes.validation_urls.typestringRecorded Future analyst note validation URL entity type.
RecordedFuture.Domain.analystNotes.idstringRecorded Future analyst note ID.
RecordedFuture.Domain.analystNotes.source.idstringRecorded Future analyst note source ID.
RecordedFuture.Domain.analystNotes.source.namestringRecorded Future analyst note source name.
RecordedFuture.Domain.analystNotes.source.typestringRecorded Future analyst note source type.
RecordedFuture.CVE.criticalitynumberRisk criticality.
RecordedFuture.CVE.criticalityLabelstringRisk criticality label.
RecordedFuture.CVE.riskStringstringRisk string.
RecordedFuture.CVE.riskSummarystringRisk summary.
RecordedFuture.CVE.rulesstringRisk rules.
RecordedFuture.CVE.concatRulesstringAll risk rules concatenated by comma.
RecordedFuture.CVE.scorenumberRisk score.
RecordedFuture.CVE.firstSeendateEvidence first seen.
RecordedFuture.CVE.lastSeendateEvidence last seen.
RecordedFuture.CVE.intelCardstringRecorded Future intelligence card URL.
RecordedFuture.CVE.hashAlgorithmstringHash algorithm.
RecordedFuture.CVE.typestringRecorded Future entity type.
RecordedFuture.CVE.namestringRecorded Future entity name.
RecordedFuture.CVE.idstringRecorded Future entity ID.
RecordedFuture.CVE.metrics.typestringRecorded Future metrics type.
RecordedFuture.CVE.metrics.valuenumberRecorded Future metrics value.
RecordedFuture.CVE.threatLists.descriptionstringRecorded Future threat list description.
RecordedFuture.CVE.threatLists.idstringRecorded Future threat list ID.
RecordedFuture.CVE.threatLists.namestringRecorded Future threat list name.
RecordedFuture.CVE.threatLists.typestringRecorded Future threat list type.
RecordedFuture.CVE.relatedEntities.RelatedAttacker.countnumberRecorded Future related attacker count.
RecordedFuture.CVE.relatedEntities.RelatedAttacker.idstringRecorded Future related attacker ID.
RecordedFuture.CVE.relatedEntities.RelatedAttacker.namestringRecorded Future related attacker name.
RecordedFuture.CVE.relatedEntities.RelatedAttacker.typestringRecorded Future related attacker type.
RecordedFuture.CVE.relatedEntities.RelatedTarget.countnumberRecorded Future related target count.
RecordedFuture.CVE.relatedEntities.RelatedTarget.idstringRecorded Future related target ID.
RecordedFuture.CVE.relatedEntities.RelatedTarget.namestringRecorded Future related target name.
RecordedFuture.CVE.relatedEntities.RelatedTarget.typestringRecorded Future related target type.
RecordedFuture.CVE.relatedEntities.RelatedThreatActor.countnumberRecorded Future related threat actor count.
RecordedFuture.CVE.relatedEntities.RelatedThreatActor.idstringRecorded Future related threat actor ID.
RecordedFuture.CVE.relatedEntities.RelatedThreatActor.namestringRecorded Future related threat actor name.
RecordedFuture.CVE.relatedEntities.RelatedThreatActor.typestringRecorded Future related threat actor type.
RecordedFuture.CVE.relatedEntities.RelatedMalware.countnumberRecorded Future related malware count.
RecordedFuture.CVE.relatedEntities.RelatedMalware.idstringRecorded Future related malware ID.
RecordedFuture.CVE.relatedEntities.RelatedMalware.namestringRecorded Future related malware name.
RecordedFuture.CVE.relatedEntities.RelatedMalware.typestringRecorded Future related malware type.
RecordedFuture.CVE.relatedEntities.RelatedCyberVulnerability.countnumberRecorded Future related vulnerability count.
RecordedFuture.CVE.relatedEntities.RelatedCyberVulnerability.idstringRecorded Future related vulnerability ID.
RecordedFuture.CVE.relatedEntities.RelatedCyberVulnerability.namestringRecorded Future related vulnerability name.
RecordedFuture.CVE.relatedEntities.RelatedCyberVulnerability.typestringRecorded Future related vulnerability type.
RecordedFuture.CVE.relatedEntities.RelatedIpAddress.countnumberRecorded Future related IP address count.
RecordedFuture.CVE.relatedEntities.RelatedIpAddress.idstringRecorded Future related IP address ID.
RecordedFuture.CVE.relatedEntities.RelatedIpAddress.namestringRecorded Future related IP address name.
RecordedFuture.CVE.relatedEntities.RelatedIpAddress.typestringRecorded Future related IP address type.
RecordedFuture.CVE.relatedEntities.RelatedInternetDomainName.countnumberRecorded Future related domain name count.
RecordedFuture.CVE.relatedEntities.RelatedInternetDomainName.idstringRecorded Future related domain name ID.
RecordedFuture.CVE.relatedEntities.RelatedInternetDomainName.namestringRecorded Future related domain name name.
RecordedFuture.CVE.relatedEntities.RelatedInternetDomainName.typestringRecorded Future related domain name type.
RecordedFuture.CVE.relatedEntities.RelatedProduct.countnumberRecorded Future related product count.
RecordedFuture.CVE.relatedEntities.RelatedProduct.idstringRecorded Future related product ID.
RecordedFuture.CVE.relatedEntities.RelatedProduct.namestringRecorded Future related product name.
RecordedFuture.CVE.relatedEntities.RelatedProduct.typestringRecorded Future related product type.
RecordedFuture.CVE.relatedEntities.RelatedCountries.countnumberRecorded Future related countries count.
RecordedFuture.CVE.relatedEntities.RelatedCountries.idstringRecorded Future related countries ID.
RecordedFuture.CVE.relatedEntities.RelatedCountries.namestringRecorded Future related countries name.
RecordedFuture.CVE.relatedEntities.RelatedCountries.typestringRecorded Future related countries type.
RecordedFuture.CVE.relatedEntities.RelatedHash.countnumberRecorded Future related hash count.
RecordedFuture.CVE.relatedEntities.RelatedHash.idstringRecorded Future related hash ID.
RecordedFuture.CVE.relatedEntities.RelatedHash.namestringRecorded Future related hash name.
RecordedFuture.CVE.relatedEntities.RelatedHash.typestringRecorded Future related hash type.
RecordedFuture.CVE.relatedEntities.RelatedTechnology.countnumberRecorded Future related technology count.
RecordedFuture.CVE.relatedEntities.RelatedTechnology.idstringRecorded Future related technology ID.
RecordedFuture.CVE.relatedEntities.RelatedTechnology.namestringRecorded Future related technology name.
RecordedFuture.CVE.relatedEntities.RelatedTechnology.typestringRecorded Future related technology type.
RecordedFuture.CVE.relatedEntities.RelatedEmailAddress.countnumberRecorded Future related email address count.
RecordedFuture.CVE.relatedEntities.RelatedEmailAddress.idstringRecorded Future related email address ID.
RecordedFuture.CVE.relatedEntities.RelatedEmailAddress.namestringRecorded Future related email address name.
RecordedFuture.CVE.relatedEntities.RelatedEmailAddress.typestringRecorded Future related email address type.
RecordedFuture.CVE.relatedEntities.RelatedAttackVector.countnumberRecorded Future related attack vector count.
RecordedFuture.CVE.relatedEntities.RelatedAttackVector.idstringRecorded Future related attack vector ID.
RecordedFuture.CVE.relatedEntities.RelatedAttackVector.namestringRecorded Future related attack vector name.
RecordedFuture.CVE.relatedEntities.RelatedAttackVector.typestringRecorded Future related attack vector type.
RecordedFuture.CVE.relatedEntities.RelatedMalwareCategory.countnumberRecorded Future related malware category count.
RecordedFuture.CVE.relatedEntities.RelatedMalwareCategory.idstringRecorded Future related malware category ID.
RecordedFuture.CVE.relatedEntities.RelatedMalwareCategory.namestringRecorded Future related malware category name.
RecordedFuture.CVE.relatedEntities.RelatedMalwareCategory.typestringRecorded Future related malware category type.
RecordedFuture.CVE.relatedEntities.RelatedOperations.countnumberRecorded Future related operations count.
RecordedFuture.CVE.relatedEntities.RelatedOperations.idstringRecorded Future related operations ID.
RecordedFuture.CVE.relatedEntities.RelatedOperations.namestringRecorded Future related operations name.
RecordedFuture.CVE.relatedEntities.RelatedOperations.typestringRecorded Future related operations type.
RecordedFuture.CVE.relatedEntities.RelatedCompany.countnumberRecorded Future related company count.
RecordedFuture.CVE.relatedEntities.RelatedCompany.idstringRecorded Future related company ID.
RecordedFuture.CVE.relatedEntities.RelatedCompany.namestringRecorded Future related company name.
RecordedFuture.CVE.relatedEntities.RelatedCompany.typestringRecorded Future related company type.
RecordedFuture.CVE.relatedLinksstringRecorded Future CVE related links.
RecordedFuture.CVE.analystNotes.attributes.context_entities.idstringRecorded Future analyst note context entity ID.
RecordedFuture.CVE.analystNotes.attributes.context_entities.namestringRecorded Future analyst note context entity name.
RecordedFuture.CVE.analystNotes.attributes.context_entities.typestringRecorded Future analyst note context entity type.
RecordedFuture.CVE.analystNotes.attributes.note_entities.idstringRecorded Future analyst note entity ID.
RecordedFuture.CVE.analystNotes.attributes.note_entities.namestringRecorded Future analyst note entity name.
RecordedFuture.CVE.analystNotes.attributes.note_entities.typestringRecorded Future analyst note entity type.
RecordedFuture.CVE.analystNotes.attributes.publisheddateRecorded Future analyst note publishing time.
RecordedFuture.CVE.analystNotes.attributes.validated_ondateRecorded Future analyst note validation time.
RecordedFuture.CVE.analystNotes.attributes.textstringRecorded Future analyst note content.
RecordedFuture.CVE.analystNotes.attributes.titlestringRecorded Future analyst note title.
RecordedFuture.CVE.analystNotes.attributes.topic.descriptionstringRecorded Future analyst note topic description.
RecordedFuture.CVE.analystNotes.attributes.topic.idstringRecorded Future analyst note topic ID.
RecordedFuture.CVE.analystNotes.attributes.topic.namestringRecorded Future analyst note topic name.
RecordedFuture.CVE.analystNotes.attributes.topic.typestringRecorded Future analyst note topic type.
RecordedFuture.CVE.analystNotes.attributes.validation_urls.idstringRecorded Future analyst note validation URL ID.
RecordedFuture.CVE.analystNotes.attributes.validation_urls.namestringRecorded Future analyst note validation URL.
RecordedFuture.CVE.analystNotes.attributes.validation_urls.typestringRecorded Future analyst note validation URL entity type.
RecordedFuture.CVE.analystNotes.idstringRecorded Future analyst note ID.
RecordedFuture.CVE.analystNotes.source.idstringRecorded Future analyst note source ID.
RecordedFuture.CVE.analystNotes.source.namestringRecorded Future analyst note source name.
RecordedFuture.CVE.analystNotes.source.typestringRecorded Future analyst note source type.
RecordedFuture.CVE.cpestringRecorded Future CPE information.
RecordedFuture.File.criticalitynumberRisk criticality.
RecordedFuture.File.criticalityLabelstringRisk criticality label.
RecordedFuture.File.riskStringstringRisk string.
RecordedFuture.File.riskSummarystringRisk summary.
RecordedFuture.File.rulesstringRisk rules.
RecordedFuture.File.concatRulesstringAll risk rules concatenated by comma.
RecordedFuture.File.scorenumberRisk score.
RecordedFuture.File.firstSeendateEvidence first seen.
RecordedFuture.File.lastSeendateEvidence last seen.
RecordedFuture.File.intelCardstringRecorded Future intelligence card URL.
RecordedFuture.File.hashAlgorithmstringHash algorithm.
RecordedFuture.File.typestringRecorded Future entity type.
RecordedFuture.File.namestringRecorded Future entity name.
RecordedFuture.File.idstringRecorded Future entity ID.
RecordedFuture.File.metrics.typestringRecorded Future metrics type.
RecordedFuture.File.metrics.valuenumberRecorded Future metrics value.
RecordedFuture.File.threatLists.descriptionstringRecorded Future threat list description.
RecordedFuture.File.threatLists.idstringRecorded Future threat list ID.
RecordedFuture.File.threatLists.namestringRecorded Future threat list name.
RecordedFuture.File.threatLists.typestringRecorded Future threat list type.
RecordedFuture.File.relatedEntities.RelatedAttacker.countnumberRecorded Future related attacker count.
RecordedFuture.File.relatedEntities.RelatedAttacker.idstringRecorded Future related attacker ID.
RecordedFuture.File.relatedEntities.RelatedAttacker.namestringRecorded Future related attacker name.
RecordedFuture.File.relatedEntities.RelatedAttacker.typestringRecorded Future related attacker type.
RecordedFuture.File.relatedEntities.RelatedTarget.countnumberRecorded Future related target count.
RecordedFuture.File.relatedEntities.RelatedTarget.idstringRecorded Future related target ID.
RecordedFuture.File.relatedEntities.RelatedTarget.namestringRecorded Future related target name.
RecordedFuture.File.relatedEntities.RelatedTarget.typestringRecorded Future related target type.
RecordedFuture.File.relatedEntities.RelatedThreatActor.countnumberRecorded Future related threat actor count.
RecordedFuture.File.relatedEntities.RelatedThreatActor.idstringRecorded Future related threat actor ID.
RecordedFuture.File.relatedEntities.RelatedThreatActor.namestringRecorded Future related threat actor name.
RecordedFuture.File.relatedEntities.RelatedThreatActor.typestringRecorded Future related threat actor type.
RecordedFuture.File.relatedEntities.RelatedMalware.countnumberRecorded Future related malware count.
RecordedFuture.File.relatedEntities.RelatedMalware.idstringRecorded Future related malware ID.
RecordedFuture.File.relatedEntities.RelatedMalware.namestringRecorded Future related malware name.
RecordedFuture.File.relatedEntities.RelatedMalware.typestringRecorded Future related malware type.
RecordedFuture.File.relatedEntities.RelatedCyberVulnerability.countnumberRecorded Future related vulnerability count.
RecordedFuture.File.relatedEntities.RelatedCyberVulnerability.idstringRecorded Future related vulnerability ID.
RecordedFuture.File.relatedEntities.RelatedCyberVulnerability.namestringRecorded Future related vulnerability name.
RecordedFuture.File.relatedEntities.RelatedCyberVulnerability.typestringRecorded Future related vulnerability type.
RecordedFuture.File.relatedEntities.RelatedIpAddress.countnumberRecorded Future related IP address count.
RecordedFuture.File.relatedEntities.RelatedIpAddress.idstringRecorded Future related IP address ID.
RecordedFuture.File.relatedEntities.RelatedIpAddress.namestringRecorded Future related IP address name.
RecordedFuture.File.relatedEntities.RelatedIpAddress.typestringRecorded Future related IP address type.
RecordedFuture.File.relatedEntities.RelatedInternetDomainName.countnumberRecorded Future related domain name count.
RecordedFuture.File.relatedEntities.RelatedInternetDomainName.idstringRecorded Future related domain name ID.
RecordedFuture.File.relatedEntities.RelatedInternetDomainName.namestringRecorded Future related domain name name.
RecordedFuture.File.relatedEntities.RelatedInternetDomainName.typestringRecorded Future related domain name type.
RecordedFuture.File.relatedEntities.RelatedProduct.countnumberRecorded Future related product count.
RecordedFuture.File.relatedEntities.RelatedProduct.idstringRecorded Future related product ID.
RecordedFuture.File.relatedEntities.RelatedProduct.namestringRecorded Future related product name.
RecordedFuture.File.relatedEntities.RelatedProduct.typestringRecorded Future related product type.
RecordedFuture.File.relatedEntities.RelatedCountries.countnumberRecorded Future related countries count.
RecordedFuture.File.relatedEntities.RelatedCountries.idstringRecorded Future related countries ID.
RecordedFuture.File.relatedEntities.RelatedCountries.namestringRecorded Future related countries name.
RecordedFuture.File.relatedEntities.RelatedCountries.typestringRecorded Future related countries type.
RecordedFuture.File.relatedEntities.RelatedHash.countnumberRecorded Future related hash count.
RecordedFuture.File.relatedEntities.RelatedHash.idstringRecorded Future related hash ID.
RecordedFuture.File.relatedEntities.RelatedHash.namestringRecorded Future related hash name.
RecordedFuture.File.relatedEntities.RelatedHash.typestringRecorded Future related hash type.
RecordedFuture.File.relatedEntities.RelatedTechnology.countnumberRecorded Future related technology count.
RecordedFuture.File.relatedEntities.RelatedTechnology.idstringRecorded Future related technology ID.
RecordedFuture.File.relatedEntities.RelatedTechnology.namestringRecorded Future related technology name.
RecordedFuture.File.relatedEntities.RelatedTechnology.typestringRecorded Future related technology type.
RecordedFuture.File.relatedEntities.RelatedEmailAddress.countnumberRecorded Future related email address count.
RecordedFuture.File.relatedEntities.RelatedEmailAddress.idstringRecorded Future related email address ID.
RecordedFuture.File.relatedEntities.RelatedEmailAddress.namestringRecorded Future related email address name.
RecordedFuture.File.relatedEntities.RelatedEmailAddress.typestringRecorded Future related email address type.
RecordedFuture.File.relatedEntities.RelatedAttackVector.countnumberRecorded Future related attack vector count.
RecordedFuture.File.relatedEntities.RelatedAttackVector.idstringRecorded Future related attack vector ID.
RecordedFuture.File.relatedEntities.RelatedAttackVector.namestringRecorded Future related attack vector name.
RecordedFuture.File.relatedEntities.RelatedAttackVector.typestringRecorded Future related attack vector type.
RecordedFuture.File.relatedEntities.RelatedMalwareCategory.countnumberRecorded Future related malware category count.
RecordedFuture.File.relatedEntities.RelatedMalwareCategory.idstringRecorded Future related malware category ID.
RecordedFuture.File.relatedEntities.RelatedMalwareCategory.namestringRecorded Future related malware category name.
RecordedFuture.File.relatedEntities.RelatedMalwareCategory.typestringRecorded Future related malware category type.
RecordedFuture.File.relatedEntities.RelatedOperations.countnumberRecorded Future related operations count.
RecordedFuture.File.relatedEntities.RelatedOperations.idstringRecorded Future related operations ID.
RecordedFuture.File.relatedEntities.RelatedOperations.namestringRecorded Future related operations name.
RecordedFuture.File.relatedEntities.RelatedOperations.typestringRecorded Future related operations type.
RecordedFuture.File.relatedEntities.RelatedCompany.countnumberRecorded Future related company count.
RecordedFuture.File.relatedEntities.RelatedCompany.idstringRecorded Future related company ID.
RecordedFuture.File.relatedEntities.RelatedCompany.namestringRecorded Future related company name.
RecordedFuture.File.relatedEntities.RelatedCompany.typestringRecorded Future related company type.
RecordedFuture.File.analystNotes.attributes.context_entities.idstringRecorded Future analyst note context entity ID.
RecordedFuture.File.analystNotes.attributes.context_entities.namestringRecorded Future analyst note context entity name.
RecordedFuture.File.analystNotes.attributes.context_entities.typestringRecorded Future analyst note context entity type.
RecordedFuture.File.analystNotes.attributes.note_entities.idstringRecorded Future analyst note entity ID.
RecordedFuture.File.analystNotes.attributes.note_entities.namestringRecorded Future analyst note entity name.
RecordedFuture.File.analystNotes.attributes.note_entities.typestringRecorded Future analyst note entity type.
RecordedFuture.File.analystNotes.attributes.publisheddateRecorded Future analyst note publishing time.
RecordedFuture.File.analystNotes.attributes.validated_ondateRecorded Future analyst note validation time.
RecordedFuture.File.analystNotes.attributes.textstringRecorded Future analyst note content.
RecordedFuture.File.analystNotes.attributes.titlestringRecorded Future analyst note title.
RecordedFuture.File.analystNotes.attributes.topic.descriptionstringRecorded Future analyst note topic description.
RecordedFuture.File.analystNotes.attributes.topic.idstringRecorded Future analyst note topic ID.
RecordedFuture.File.analystNotes.attributes.topic.namestringRecorded Future analyst note topic name.
RecordedFuture.File.analystNotes.attributes.topic.typestringRecorded Future analyst note topic type.
RecordedFuture.File.analystNotes.attributes.validation_urls.idstringRecorded Future analyst note validation URL ID.
RecordedFuture.File.analystNotes.attributes.validation_urls.namestringRecorded Future analyst note validation URL.
RecordedFuture.File.analystNotes.attributes.validation_urls.typestringRecorded Future analyst note validation URL entity type.
RecordedFuture.File.analystNotes.idstringRecorded Future analyst note ID.
RecordedFuture.File.analystNotes.source.idstringRecorded Future analyst note source ID.
RecordedFuture.File.analystNotes.source.namestringRecorded Future analyst note source name.
RecordedFuture.File.analystNotes.source.typestringRecorded Future analyst note source type.
RecordedFuture.URL.criticalitynumberRisk criticality.
RecordedFuture.URL.criticalityLabelstringRisk criticality label.
RecordedFuture.URL.riskStringstringRisk string.
RecordedFuture.URL.riskSummarystringRisk summary.
RecordedFuture.URL.rulesstringRisk rules.
RecordedFuture.URL.concatRulesstringAll risk rules concatenated by comma.
RecordedFuture.URL.scorenumberRisk score.
RecordedFuture.URL.firstSeendateEvidence first seen.
RecordedFuture.URL.lastSeendateEvidence last seen.
RecordedFuture.URL.intelCardstringRecorded Future intelligence card URL.
RecordedFuture.URL.typestringRecorded Future entity type.
RecordedFuture.URL.namestringRecorded Future entity name.
RecordedFuture.URL.idstringRecorded Future entity ID.
RecordedFuture.URL.metrics.typestringRecorded Future metrics type.
RecordedFuture.URL.metrics.valuenumberRecorded Future metrics value.
RecordedFuture.URL.threatLists.descriptionstringRecorded Future threat list description.
RecordedFuture.URL.threatLists.idstringRecorded Future threat list ID.
RecordedFuture.URL.threatLists.namestringRecorded Future threat list name.
RecordedFuture.URL.threatLists.typestringRecorded Future threat list type.
RecordedFuture.URL.relatedEntities.RelatedAttacker.countnumberRecorded Future related attacker count.
RecordedFuture.URL.relatedEntities.RelatedAttacker.idstringRecorded Future related attacker ID.
RecordedFuture.URL.relatedEntities.RelatedAttacker.namestringRecorded Future related attacker name.
RecordedFuture.URL.relatedEntities.RelatedAttacker.typestringRecorded Future related attacker type.
RecordedFuture.URL.relatedEntities.RelatedTarget.countnumberRecorded Future related target count.
RecordedFuture.URL.relatedEntities.RelatedTarget.idstringRecorded Future related target ID.
RecordedFuture.URL.relatedEntities.RelatedTarget.namestringRecorded Future related target name.
RecordedFuture.URL.relatedEntities.RelatedTarget.typestringRecorded Future related target type.
RecordedFuture.URL.relatedEntities.RelatedThreatActor.countnumberRecorded Future related threat actor count.
RecordedFuture.URL.relatedEntities.RelatedThreatActor.idstringRecorded Future related threat actor ID.
RecordedFuture.URL.relatedEntities.RelatedThreatActor.namestringRecorded Future related threat actor name.
RecordedFuture.URL.relatedEntities.RelatedThreatActor.typestringRecorded Future related threat actor type.
RecordedFuture.URL.relatedEntities.RelatedMalware.countnumberRecorded Future related malware count.
RecordedFuture.URL.relatedEntities.RelatedMalware.idstringRecorded Future related malware ID.
RecordedFuture.URL.relatedEntities.RelatedMalware.namestringRecorded Future related malware name.
RecordedFuture.URL.relatedEntities.RelatedMalware.typestringRecorded Future related malware type.
RecordedFuture.URL.relatedEntities.RelatedCyberVulnerability.countnumberRecorded Future related vulnerability count.
RecordedFuture.URL.relatedEntities.RelatedCyberVulnerability.idstringRecorded Future related vulnerability ID.
RecordedFuture.URL.relatedEntities.RelatedCyberVulnerability.namestringRecorded Future related vulnerability name.
RecordedFuture.URL.relatedEntities.RelatedCyberVulnerability.typestringRecorded Future related vulnerability type.
RecordedFuture.URL.relatedEntities.RelatedIpAddress.countnumberRecorded Future related IP address count.
RecordedFuture.URL.relatedEntities.RelatedIpAddress.idstringRecorded Future related IP address ID.
RecordedFuture.URL.relatedEntities.RelatedIpAddress.namestringRecorded Future related IP address name.
RecordedFuture.URL.relatedEntities.RelatedIpAddress.typestringRecorded Future related IP address type.
RecordedFuture.URL.relatedEntities.RelatedInternetDomainName.countnumberRecorded Future related domain name count.
RecordedFuture.URL.relatedEntities.RelatedInternetDomainName.idstringRecorded Future related domain name ID.
RecordedFuture.URL.relatedEntities.RelatedInternetDomainName.namestringRecorded Future related domain name name.
RecordedFuture.URL.relatedEntities.RelatedInternetDomainName.typestringRecorded Future related domain name type.
RecordedFuture.URL.relatedEntities.RelatedProduct.countnumberRecorded Future related product count.
RecordedFuture.URL.relatedEntities.RelatedProduct.idstringRecorded Future related product ID.
RecordedFuture.URL.relatedEntities.RelatedProduct.namestringRecorded Future related product name.
RecordedFuture.URL.relatedEntities.RelatedProduct.typestringRecorded Future related product type.
RecordedFuture.URL.relatedEntities.RelatedCountries.countnumberRecorded Future related countries count.
RecordedFuture.URL.relatedEntities.RelatedCountries.idstringRecorded Future related countries ID.
RecordedFuture.URL.relatedEntities.RelatedCountries.namestringRecorded Future related countries name.
RecordedFuture.URL.relatedEntities.RelatedCountries.typestringRecorded Future related countries type.
RecordedFuture.URL.relatedEntities.RelatedHash.countnumberRecorded Future related hash count.
RecordedFuture.URL.relatedEntities.RelatedHash.idstringRecorded Future related hash ID.
RecordedFuture.URL.relatedEntities.RelatedHash.namestringRecorded Future related hash name.
RecordedFuture.URL.relatedEntities.RelatedHash.typestringRecorded Future related hash type.
RecordedFuture.URL.relatedEntities.RelatedTechnology.countnumberRecorded Future related technology count.
RecordedFuture.URL.relatedEntities.RelatedTechnology.idstringRecorded Future related technology ID.
RecordedFuture.URL.relatedEntities.RelatedTechnology.namestringRecorded Future related technology name.
RecordedFuture.URL.relatedEntities.RelatedTechnology.typestringRecorded Future related technology type.
RecordedFuture.URL.relatedEntities.RelatedEmailAddress.countnumberRecorded Future related email address count.
RecordedFuture.URL.relatedEntities.RelatedEmailAddress.idstringRecorded Future related email address ID.
RecordedFuture.URL.relatedEntities.RelatedEmailAddress.namestringRecorded Future related email address name.
RecordedFuture.URL.relatedEntities.RelatedEmailAddress.typestringRecorded Future related email address type.
RecordedFuture.URL.relatedEntities.RelatedAttackVector.countnumberRecorded Future related attack vector count.
RecordedFuture.URL.relatedEntities.RelatedAttackVector.idstringRecorded Future related attack vector ID.
RecordedFuture.URL.relatedEntities.RelatedAttackVector.namestringRecorded Future related attack vector name.
RecordedFuture.URL.relatedEntities.RelatedAttackVector.typestringRecorded Future related attack vector type.
RecordedFuture.URL.relatedEntities.RelatedMalwareCategory.countnumberRecorded Future related malware category count.
RecordedFuture.URL.relatedEntities.RelatedMalwareCategory.idstringRecorded Future related malware category ID.
RecordedFuture.URL.relatedEntities.RelatedMalwareCategory.namestringRecorded Future related malware category name.
RecordedFuture.URL.relatedEntities.RelatedMalwareCategory.typestringRecorded Future related malware category type.
RecordedFuture.URL.relatedEntities.RelatedOperations.countnumberRecorded Future related operations count.
RecordedFuture.URL.relatedEntities.RelatedOperations.idstringRecorded Future related operations ID.
RecordedFuture.URL.relatedEntities.RelatedOperations.namestringRecorded Future related operations name.
RecordedFuture.URL.relatedEntities.RelatedOperations.typestringRecorded Future related operations type.
RecordedFuture.URL.relatedEntities.RelatedCompany.countnumberRecorded Future related company count.
RecordedFuture.URL.relatedEntities.RelatedCompany.idstringRecorded Future related company ID.
RecordedFuture.URL.relatedEntities.RelatedCompany.namestringRecorded Future related company name.
RecordedFuture.URL.relatedEntities.RelatedCompany.typestringRecorded Future related company type.
RecordedFuture.URL.analystNotes.attributes.context_entities.idstringRecorded Future analyst note context entity ID.
RecordedFuture.URL.analystNotes.attributes.context_entities.namestringRecorded Future analyst note context entity name.
RecordedFuture.URL.analystNotes.attributes.context_entities.typestringRecorded Future analyst note context entity type.
RecordedFuture.URL.analystNotes.attributes.note_entities.idstringRecorded Future analyst note entity ID.
RecordedFuture.URL.analystNotes.attributes.note_entities.namestringRecorded Future analyst note entity name.
RecordedFuture.URL.analystNotes.attributes.note_entities.typestringRecorded Future analyst note entity type.
RecordedFuture.URL.analystNotes.attributes.publisheddateRecorded Future analyst note publishing time.
RecordedFuture.URL.analystNotes.attributes.validated_ondateRecorded Future analyst note validation time.
RecordedFuture.URL.analystNotes.attributes.textstringRecorded Future analyst note content.
RecordedFuture.URL.analystNotes.attributes.titlestringRecorded Future analyst note title.
RecordedFuture.URL.analystNotes.attributes.topic.descriptionstringRecorded Future analyst note topic description.
RecordedFuture.URL.analystNotes.attributes.topic.idstringRecorded Future analyst note topic ID.
RecordedFuture.URL.analystNotes.attributes.topic.namestringRecorded Future analyst note topic name.
RecordedFuture.URL.analystNotes.attributes.topic.typestringRecorded Future analyst note topic type.
RecordedFuture.URL.analystNotes.attributes.validation_urls.idstringRecorded Future analyst note validation URL ID.
RecordedFuture.URL.analystNotes.attributes.validation_urls.namestringRecorded Future analyst note validation URL.
RecordedFuture.URL.analystNotes.attributes.validation_urls.typestringRecorded Future analyst note validation URL entity type.
RecordedFuture.URL.analystNotes.idstringRecorded Future analyst note ID.
RecordedFuture.URL.analystNotes.source.idstringRecorded Future analyst note source ID.
RecordedFuture.URL.analystNotes.source.namestringRecorded Future analyst note source name.
RecordedFuture.URL.analystNotes.source.typestringRecorded Future analyst note source type.
RecordedFuture.Malware.metrics.typestringRecorded Future metrics type.
RecordedFuture.Malware.metrics.valuenumberRecorded Future metrics value.
RecordedFuture.Malware.intelCarddateRecorded Future intelligence card URL.
RecordedFuture.Malware.firstSeendateEvidence first seen.
RecordedFuture.Malware.lastSeendateEvidence last seen.
RecordedFuture.Malware.namedateRecorded Future entity name.
RecordedFuture.Malware.typestringRecorded Future entity type (always = "Malware").
RecordedFuture.Malware.idstringRecorded Future malware ID.
RecordedFuture.Malware.categories.idstringRecorded Future malware category ID.
RecordedFuture.Malware.categories.namestringRecorded Future malware category name.
RecordedFuture.Malware.categories.typestringRecorded Future malware category type (always = "MalwareCategory").
RecordedFuture.Malware.relatedEntities.RelatedAttacker.countnumberRecorded Future related attacker count.
RecordedFuture.Malware.relatedEntities.RelatedAttacker.idstringRecorded Future related attacker ID.
RecordedFuture.Malware.relatedEntities.RelatedAttacker.namestringRecorded Future related attacker name.
RecordedFuture.Malware.relatedEntities.RelatedAttacker.typestringRecorded Future related attacker type.
RecordedFuture.Malware.relatedEntities.RelatedTarget.countnumberRecorded Future related target count.
RecordedFuture.Malware.relatedEntities.RelatedTarget.idstringRecorded Future related target ID.
RecordedFuture.Malware.relatedEntities.RelatedTarget.namestringRecorded Future related target name.
RecordedFuture.Malware.relatedEntities.RelatedTarget.typestringRecorded Future related target type.
RecordedFuture.Malware.relatedEntities.RelatedThreatActor.countnumberRecorded Future related threat actor count.
RecordedFuture.Malware.relatedEntities.RelatedThreatActor.idstringRecorded Future related threat actor ID.
RecordedFuture.Malware.relatedEntities.RelatedThreatActor.namestringRecorded Future related threat actor name.
RecordedFuture.Malware.relatedEntities.RelatedThreatActor.typestringRecorded Future related threat actor type.
RecordedFuture.Malware.relatedEntities.RelatedMalware.countnumberRecorded Future related malware count.
RecordedFuture.Malware.relatedEntities.RelatedMalware.idstringRecorded Future related malware ID.
RecordedFuture.Malware.relatedEntities.RelatedMalware.namestringRecorded Future related malware name.
RecordedFuture.Malware.relatedEntities.RelatedMalware.typestringRecorded Future related malware type.
RecordedFuture.Malware.relatedEntities.RelatedCyberVulnerability.countnumberRecorded Future related vulnerability count.
RecordedFuture.Malware.relatedEntities.RelatedCyberVulnerability.idstringRecorded Future related vulnerability ID.
RecordedFuture.Malware.relatedEntities.RelatedCyberVulnerability.namestringRecorded Future related vulnerability name.
RecordedFuture.Malware.relatedEntities.RelatedCyberVulnerability.typestringRecorded Future related vulnerability type.
RecordedFuture.Malware.relatedEntities.RelatedIpAddress.countnumberRecorded Future related IP address count.
RecordedFuture.Malware.relatedEntities.RelatedIpAddress.idstringRecorded Future related IP address ID.
RecordedFuture.Malware.relatedEntities.RelatedIpAddress.namestringRecorded Future related IP address name.
RecordedFuture.Malware.relatedEntities.RelatedIpAddress.typestringRecorded Future related IP address type.
RecordedFuture.Malware.relatedEntities.RelatedInternetDomainName.countnumberRecorded Future related domain name count.
RecordedFuture.Malware.relatedEntities.RelatedInternetDomainName.idstringRecorded Future related domain name ID.
RecordedFuture.Malware.relatedEntities.RelatedInternetDomainName.namestringRecorded Future related domain name name.
RecordedFuture.Malware.relatedEntities.RelatedInternetDomainName.typestringRecorded Future related domain name type.
RecordedFuture.Malware.relatedEntities.RelatedProduct.countnumberRecorded Future related product count.
RecordedFuture.Malware.relatedEntities.RelatedProduct.idstringRecorded Future related product ID.
RecordedFuture.Malware.relatedEntities.RelatedProduct.namestringRecorded Future related product name.
RecordedFuture.Malware.relatedEntities.RelatedProduct.typestringRecorded Future related product type.
RecordedFuture.Malware.relatedEntities.RelatedCountries.countnumberRecorded Future related countries count.
RecordedFuture.Malware.relatedEntities.RelatedCountries.idstringRecorded Future related countries ID.
RecordedFuture.Malware.relatedEntities.RelatedCountries.namestringRecorded Future related countries name.
RecordedFuture.Malware.relatedEntities.RelatedCountries.typestringRecorded Future related countries type.
RecordedFuture.Malware.relatedEntities.RelatedHash.countnumberRecorded Future related hash count.
RecordedFuture.Malware.relatedEntities.RelatedHash.idstringRecorded Future related hash ID.
RecordedFuture.Malware.relatedEntities.RelatedHash.namestringRecorded Future related hash name.
RecordedFuture.Malware.relatedEntities.RelatedHash.typestringRecorded Future related hash type.
RecordedFuture.Malware.relatedEntities.RelatedTechnology.countnumberRecorded Future related technology count.
RecordedFuture.Malware.relatedEntities.RelatedTechnology.idstringRecorded Future related technology ID.
RecordedFuture.Malware.relatedEntities.RelatedTechnology.namestringRecorded Future related technology name.
RecordedFuture.Malware.relatedEntities.RelatedTechnology.typestringRecorded Future related technology type.
RecordedFuture.Malware.relatedEntities.RelatedEmailAddress.countnumberRecorded Future related email address count.
RecordedFuture.Malware.relatedEntities.RelatedEmailAddress.idstringRecorded Future related email address ID.
RecordedFuture.Malware.relatedEntities.RelatedEmailAddress.namestringRecorded Future related email address name.
RecordedFuture.Malware.relatedEntities.RelatedEmailAddress.typestringRecorded Future related email address type.
RecordedFuture.Malware.relatedEntities.RelatedAttackVector.countnumberRecorded Future related attack vector count.
RecordedFuture.Malware.relatedEntities.RelatedAttackVector.idstringRecorded Future related attack vector ID.
RecordedFuture.Malware.relatedEntities.RelatedAttackVector.namestringRecorded Future related attack vector name.
RecordedFuture.Malware.relatedEntities.RelatedAttackVector.typestringRecorded Future related attack vector type.
RecordedFuture.Malware.relatedEntities.RelatedMalwareCategory.countnumberRecorded Future related malware category count.
RecordedFuture.Malware.relatedEntities.RelatedMalwareCategory.idstringRecorded Future related malware category ID.
RecordedFuture.Malware.relatedEntities.RelatedMalwareCategory.namestringRecorded Future related malware category name.
RecordedFuture.Malware.relatedEntities.RelatedMalwareCategory.typestringRecorded Future related malware category type.
RecordedFuture.Malware.relatedEntities.RelatedOperations.countnumberRecorded Future related operations count.
RecordedFuture.Malware.relatedEntities.RelatedOperations.idstringRecorded Future related operations ID.
RecordedFuture.Malware.relatedEntities.RelatedOperations.namestringRecorded Future related operations name.
RecordedFuture.Malware.relatedEntities.RelatedOperations.typestringRecorded Future related operations type.
RecordedFuture.Malware.relatedEntities.RelatedCompany.countnumberRecorded Future related company count.
RecordedFuture.Malware.relatedEntities.RelatedCompany.idstringRecorded Future related company ID.
RecordedFuture.Malware.relatedEntities.RelatedCompany.namestringRecorded Future related company name.
RecordedFuture.Malware.relatedEntities.RelatedCompany.typestringRecorded Future related company type.
RecordedFuture.Malware.analystNotes.attributes.context_entities.idstringRecorded Future analyst note context entity ID.
RecordedFuture.Malware.analystNotes.attributes.context_entities.namestringRecorded Future analyst note context entity name.
RecordedFuture.Malware.analystNotes.attributes.context_entities.typestringRecorded Future analyst note context entity type.
RecordedFuture.Malware.analystNotes.attributes.note_entities.idstringRecorded Future analyst note entity ID.
RecordedFuture.Malware.analystNotes.attributes.note_entities.namestringRecorded Future analyst note entity name.
RecordedFuture.Malware.analystNotes.attributes.note_entities.typestringRecorded Future analyst note entity type.
RecordedFuture.Malware.analystNotes.attributes.publisheddateRecorded Future analyst note publishing time.
RecordedFuture.Malware.analystNotes.attributes.validated_ondateRecorded Future analyst note validation time.
RecordedFuture.Malware.analystNotes.attributes.textstringRecorded Future analyst note content.
RecordedFuture.Malware.analystNotes.attributes.titlestringRecorded Future analyst note title.
RecordedFuture.Malware.analystNotes.attributes.topic.descriptionstringRecorded Future analyst note topic description.
RecordedFuture.Malware.analystNotes.attributes.topic.idstringRecorded Future analyst note topic ID.
RecordedFuture.Malware.analystNotes.attributes.topic.namestringRecorded Future analyst note topic name.
RecordedFuture.Malware.analystNotes.attributes.topic.typestringRecorded Future analyst note topic type.
RecordedFuture.Malware.analystNotes.attributes.validation_urls.idstringRecorded Future analyst note validation URL ID.
RecordedFuture.Malware.analystNotes.attributes.validation_urls.namestringRecorded Future analyst note validation URL.
RecordedFuture.Malware.analystNotes.attributes.validation_urls.typestringRecorded Future analyst note validation URL entity type.
RecordedFuture.Malware.analystNotes.idstringRecorded Future analyst note ID.
RecordedFuture.Malware.analystNotes.source.idstringRecorded Future analyst note source ID.
RecordedFuture.Malware.analystNotes.source.namestringRecorded Future analyst note source name.
RecordedFuture.Malware.analystNotes.source.typestringRecorded Future analyst note source type.

recordedfuture-links#

Get Insikt Group Research Links for an IP, Domain, CVE, URL, File, or Malware.

Base Command#

recordedfuture-links

Input#

Argument NameDescriptionRequired
entity_typeThe type of entity for which to fetch context. Should be provided with its value in entityValue argument. Can be "domain", "ip", "file", "url", "cve", or "malware". Possible values are: domain, ip, file, url, cve, malware.Required
entityThe value of the entity for which to fetch context. Should be provided with its type in entity_type argument. Supported hash types: MD5, SHA1, SHA256, SHA512, CRC32, and CTPH. Vulnerability supports CVEs.Required

Context Output#

PathTypeDescription
RecordedFuture.Links.categoryStringRecorded Future links category.
RecordedFuture.Links.typeStringRecorded Future links type.
RecordedFuture.Links.lists.entity_typeStringRecorded Future links entity list type.
RecordedFuture.Links.lists.entities.typeStringRecorded Future link entity type.
RecordedFuture.Links.lists.entities.nameStringRecorded Future link entity name.
RecordedFuture.Links.lists.entities.scoreNumberRecorded Future link entity risk score.

recordedfuture-single-alert#

Get detailed information from vulnerability, typosquat and credential alerts.

Base Command#

recordedfuture-single-alert

Input#

Argument NameDescriptionRequired
idAlert ID.Required

Context Output#

PathTypeDescription
RecordedFuture.SingleAlert.idstringRecorded Future alert ID.
RecordedFuture.SingleAlert.flat_entities.fragmentstringRecorded Future fragment of the entity.
RecordedFuture.SingleAlert.flat_entities.namestringRecorded Future name of the entity.
RecordedFuture.SingleAlert.flat_entities.typestringRecorded Future type of the entity.
RecordedFuture.SingleAlert.flat_entities.idstringRecorded Future ID of the entity.

recordedfuture-alerts#

Gets details on alerts configured and generated by Recorded Future by alert rule ID and/or time range.

Base Command#

recordedfuture-alerts

Input#

Argument NameDescriptionRequired
rule_idAlert rule ID.Optional
limitMaximum number of alerts to return. Default is 10. Default is 10.Optional
triggered_timeAlert triggered time, e.g., "1 hour" or "2 days".Optional
assigneeAlert assignee's email address.Optional
statusAlert review status. Can be "unassigned", "assigned", "pending", "actionable", "no-action", or "tuning". Possible values are: unassigned, assigned, pending, actionable, no-action, tuning.Optional
freetextFree text search.Optional
offsetAlerts from offset.Optional
orderbyAlerts sort order. Possible values are: triggered.Optional
directionThe direction by which to sort alerts. Can be "asc" or "desc". Possible values are: asc, desc.Optional

Context Output#

PathTypeDescription
RecordedFuture.Alert.idstringAlert ID.
RecordedFuture.Alert.namestringAlert name.
RecordedFuture.Alert.typestringAlert type.
RecordedFuture.Alert.triggereddateAlert triggered time.
RecordedFuture.Alert.statusstringAlert status.
RecordedFuture.Alert.assigneestringAlert assignee.
RecordedFuture.Alert.rulestringAlert rule name.

recordedfuture-alert-rules#

Search for alert rule IDs.

Base Command#

recordedfuture-alert-rules

Input#

Argument NameDescriptionRequired
rule_nameRule name to search. Can be a partial name.Optional
limitMaximum number of rules to return. Default is 10. Default is 10.Optional

Context Output#

PathTypeDescription
RecordedFuture.AlertRule.idstringAlert rule ID.
RecordedFuture.AlertRule.namestringAlert rule name.

recordedfuture-alert-set-status#

Set alert into predefined status.

Base Command#

recordedfuture-alert-set-status

Input#

Argument NameDescriptionRequired
alert_idAlert id.Required
statusThe status we want to set for the alert in Recorded Future. Possible values are: unassigned, assigned, pending, dismiss, no-action, actionable, tuning.Required

Context Output#

PathTypeDescription
RecordedFuture.Alerts.idStringRecorded Future alert ID.
RecordedFuture.Alerts.statusStringRecorded Future alert status.
RecordedFuture.Alerts.note.textStringRecorded Future alert note text.
RecordedFuture.Alerts.note.authorStringRecorded Future alert note author.
RecordedFuture.Alerts.note.datedateRecorded Future alert note date.
RecordedFuture.Alerts.reviewDatedateRecorded Future alert get date.

recordedfuture-alert-set-note#

Set a note for the alert in Recorded Future.

Base Command#

recordedfuture-alert-set-note

Input#

Argument NameDescriptionRequired
alert_idAlert ID.Required
noteThe note of the ID we want to set.Required

Context Output#

PathTypeDescription
RecordedFuture.Alerts.idStringRecorded Future alert ID.
RecordedFuture.Alerts.statusStringRecorded Future alert status.
RecordedFuture.Alerts.note.textStringRecorded Future alert note text.
RecordedFuture.Alerts.note.authorStringRecorded Future alert note author.
RecordedFuture.Alerts.note.datedateRecorded Future alert note date.
RecordedFuture.Alerts.reviewDatedateRecorded Future alert get date.

recordedfuture-malware-search#

Search for a malware by specified filters.

Base Command#

recordedfuture-malware-search

Input#

Argument NameDescriptionRequired
freetextPart of malware name or ID to search for.Optional
limitHow many records to retrieve (default = 10).Optional

Context Output#

PathTypeDescription
RecordedFuture.Malware.idstringRecorded Future malware ID.
RecordedFuture.Malware.namestringRecorded Future entity name.
RecordedFuture.Malware.typestringRecorded Future entity type (always = "Malware").
RecordedFuture.Malware.intelCarddateRecorded Future intelligence card URL.

Base Command#

recordedfuture-threat-map

Input#

Argument NameDescriptionRequired
actors_idsActors IDs for which to get the threat mapOptional
actor_nameActors name for which to get the threat mapOptional
include_linksFetch links to threat actor or notOptional

Context Output#

PathTypeDescription
RecordedFuture.ThreatMap.idstringRecorded Future threat actor ID.
RecordedFuture.ThreatMap.namestringRecorded Future entity name.
RecordedFuture.ThreatMap.aliasarrayRecorded Future threat actor alias.
RecordedFuture.ThreatMap.intentnumberRecorded Future threat actor intent.
RecordedFuture.ThreatMap.idstringRecorded Future threat actor ID.
RecordedFuture.ThreatMap.opportunitynumberRecorded Future threat actor opportunity.
RecordedFuture.ThreatMap.log_entriesarrayRecorded Future threat actor log entries.
RecordedFuture.ThreatMap.linksarrayRecorded Future threat actor links.

Base Command#

recordedfuture-threat-links

Input#

Argument NameDescriptionRequired
entity_typeType of the entity to fetch links for. E.g. "domain", "ip", "file", "url", "cve", "malware", "organization, "person". Should be provided along with the entity in entity_name argument.Optional
entity_nameName of the entity to fetch links forOptional
entity_idID of entity to fetch links forOptional
source_typeSource of the links to be fetched. Can be "insikt" or "technical"Optional
timeframeTime range of the links to be fetched. Eg. "-1d" for last 1 dayOptional
technical_typeType of technical source to fetch links from. Can be "type:MalwareAnalysis", "type:InfrastructureAnalysis", "type:NetworkTrafficAnalysis" or "type:TTPAnalysis"Optional

Context Output#

PathTypeDescription
RecordedFuture.Links.entity.idstringRecorded Future Entity id.
RecordedFuture.Links.entity.typestringRecorded Future Entity type
RecordedFuture.Links.links.typestringRecorded Future link type.
RecordedFuture.Links.links.idstringRecorded Future link id.
RecordedFuture.Links.links.namestringRecorded Future link name.
RecordedFuture.Links.links.sourcestringRecorded Future link source.
RecordedFuture.Links.links.sectionstringRecorded Future link section.
RecordedFuture.Links.links.attributesstringRecorded Future link attributes.

Base Command#

recordedfuture-detection-rules

Input#

Argument NameDescriptionRequired
entity_typeType of the entity to fetch links forOptional
entity_nameName of the entity to fetch links forOptional
entity_idID of entity to fetch links forOptional
rule_typesRule type. Can be "yara", "sigma", "snort"Optional
titleRule titleOptional

Context Output#

PathTypeDescription
RecordedFuture.DetectionRules.idstringRecorded Future Detection rule id.
RecordedFuture.DetectionRules.typestringRecorded Future Detection rule type.
RecordedFuture.DetectionRules.titlestringRecorded Future Detection rule title.
RecordedFuture.DetectionRules.descriptionstringRecorded Future Detection rule description.
RecordedFuture.DetectionRules.createdstringRecorded Future link name.
RecordedFuture.DetectionRules.updatedstringRecorded Future link source.
RecordedFuture.DetectionRules.rulesarrayRecorded Future link section.
RecordedFuture.DetectionRules.rules.entitiesarrayRecorded Future link attributes.
RecordedFuture.DetectionRules.rules.entities.idstringRecorded Future link attributes.
RecordedFuture.DetectionRules.rules.entities.typestringRecorded Future link attributes.
RecordedFuture.DetectionRules.rules.entities.namestringRecorded Future link attributes.
RecordedFuture.DetectionRules.rules.contentstringRecorded Future link attributes.
RecordedFuture.DetectionRules.rules.file_namestringRecorded Future link attributes.

Base Command#

recordedfuture-collective-insight

Input#

Input#

Argument NameDescriptionRequired
entity_typeValue that can contain one of the enumerated list of values (ip, hash, domain, vulnerability, url).Required
entity_nameValue of the IOC itselfRequired
entity_source_typeUsed to describe what log source the IOC came fromOptional
incident_nameTitle of the incident related to the IOCOptional
incident_idID of the incident related to the IOCOptional
incident_typeAttack vector associated with the incident (C2, Phishing.. etc)Optional
mitre_codesList contains one or more MITRE codes associated with the IOCOptional
malwareList contains all known malware associated with the IOCsOptional

Context Output#

PathTypeDescription
RecordedFuture.CollectiveInsight.statusstringRequest status

Breaking changes from the previous version of this integration - Recorded Future v2#

Renamed the integration setting "Incident Sharing" to "Collective Insights", resetting any previous configuration to this setting.

Edit this page
Report an Issue