Skip to main content

Recorded Future

recorded-future

Version: 1.11
Updated: March 4, 2024

Utilize Recorded Future threat intelligence feeds during incident investigation.

Actions

  • IP Reputation (Enrichment) - Get the reputation for the specified IP address.
  • URL Reputation (Enrichment) - Get the reputation for the specified URL.
  • Domain Reputation (Enrichment) - Get the reputation for the specified domain.
  • File Reputation (Enrichment) - Get the reputation for the specified file hash.
  • Vulnerability Search (Enrichment) - Search threat intelligence for the specified search query.
  • Malware Search (Enrichment) - Search threat intelligence for the specified search query.
  • Get Alert Details (Enrichment) - Get the details for the specified alert.
  • Recorded Future Alerts Daemon (Daemon) - Gather RF alerts.
  • Vulnerability Search Daemon (Daemon) - Daemon to fetch vulnerabilities.
  • File Reputation V2 (Enrichment) - Get the reputation for the specified file hash v2.
  • Search Domain (Enrichment) - Search Domains.
  • Search URL (Enrichment) - Search URLs.
  • Search IP (Enrichment) - Search IP Addresses.
  • Search Hash (Enrichment) - Search Hashes.
  • Create List (Containment) - Create List.
  • Search List (Enrichment) - Find lists based on a query.
  • Add Entity (Containment) - Add an entity to the list.
  • Remove Entity (Containment) - Remove an entity from the list.
  • List Entities (Enrichment) - Get entities on the list.
  • Credentials Search (Enrichment) - Search Credential data.
  • Credentials Lookup By Email (Enrichment) - Lookup Credential data by Email.
  • Credentials Lookup By Login (Enrichment) - Lookup Credential data by Login.

Configure Recorded Future in Automation Service and Cloud SOAR

Before you can use this automation integration, you must configure its authentication settings so that the product you're integrating with can communicate with Sumo Logic. For general guidance, see Configure Authentication for Automation Integrations.

How to open the integration's configuration dialog
  1. Access App Central and install the integration. (You can configure at installation, or after installation with the following steps.)
  2. Go to the Integrations page.
    Classic UI. In the main Sumo Logic menu, select Automation and then select Integrations in the left nav bar.
    New UI. In the main Sumo Logic menu, select Automation > Integrations. You can also click the Go To... menu at the top of the screen and select Integrations.
  3. Select the installed integration.
  4. Hover over the resource name and click the Edit button that appears.
    Edit a resource

In the configuration dialog, enter information from the product you're integrating with. When done, click TEST to test the configuration, and click SAVE to save the configuration.

Recorded Future configuration

For information about Recorded Future, see Recorded Future documentation.

Change Log

  • September 16, 2019 - First upload
  • February 19, 2021 - Updated actions:
    Get Alerts Details, Alerts Daemon, Vulnerability Search Daemon
  • October 27, 2021 - New action added:
    File Reputation V2
  • March 23, 2022 - New action added:
    Search Domain, Search URL, Search IP, Search Hash
  • January 10, 2023 - Refactoring
  • February 8, 2023 (v1.5) - Updated Actions (Changed the 'Fields' field as required field and improved error handling):
    • File Reputation
    • Domain Reputation
    • URL Reputation
    • IP Reputation
  • June 22, 2023 (v1.6) - Removed unnecessary empty lines
  • June 22, 2023 (v1.7) - Renamed integration from Recorded Future OIF to Recorded Future
  • February 16, 2024 (v1.8)
    • Refactored Recorded Future Alerts Daemon
  • February 23, 2024 (v1.9)
    • Refactored Vulnerability Search Daemon
  • February 26, 2024 (v1.10)
    • Enabled Incident Artifacts feature flag for Get Alert Details action
  • March 4, 2024 (v1.11) - Updated code for compatibility with Python 3.12
Status
Legal
Privacy Statement
Terms of Use

Copyright © 2025 by Sumo Logic, Inc.