Recorded Future IP Intelligence
This document explains how to set up and use Recorded Future IP Intelligence with the TruSTAR Web App.
With billions of indexed facts, and more added every day, Recorded Future’s Threat Intelligence Machine makes use of machine learning and natural language processing (NLP), to continuously analyze threat data from a massive range of sources.
- Source Type: Premium Intel
- Update Type: Feed-based
- Update Frequency: 2 hours
- Time to Install: 10 minutes
The integration pulls all Observables supported by TruSTAR.
- A subscription to Recorded Future Premium
- Recorded Future API Key
- A daily quota of 60 Recorded Future credits. Each list update requires 5 credits, for a total of 60 credits per day (12 list updates per day). TruSTAR Admin rights are required to activate this Premium Intelligence feed.
- Log into the TruSTAR Web App.
- Click the Marketplace icon on the left side icon list.
- Choose Premium Intel.
- Click Subscribe on the Recorded Future IP Intelligence box.
- Enter your Recorded Future API key and click Save Credentials & Request Subscription.
TruSTAR will validate the integration within 48 hours and send an email when the integration has been enabled.
TruSTAR Report Mapping
Recorded Future IP Intelligence contains IP addresses scored at 90 and above (on a scale of 0-100) by Recorded Future’s internal team.
IP <IOC Value>
Encoded value of (IP<IOC Value>)
Full json response
FirstSeen field of response
criticalityLabel and score field of response if available. criticalityLabel of None and score value = 0 are ignored.
criticalityLabel: unspecified Score: 5
IntelCard field value of response, if available
Client Meta Tag
Use THIS LINK to access documentation for the TruSTAR API.
No reported issues.
Please reach out to firstname.lastname@example.org if you have issues with this integration.