We offer browser extensions for Google Chrome, Opera, Mozilla Firefox, and Apple Safari which make it easy to pull up Recorded Future's Intelligence Cards on the following indicator types: IP address, file hashes, domains, vulnerabilities, malware, and threat actor (groups).
Installing the Extension
Following directions for installing the extension here.
Out of the box, the browser extension works by scanning the current page for IOCs (Indicators of Compromise) and listing them in the extension popup when the user clicks the browser extension icon (located towards the top in the browser menu bar). IOCs are sorted by name.
Users concerned about the extension parsing indicators from a web page with sensitive material can now use an 'off' switch to disable the page scanning feature in the extension settings. No IOCs or other data will be sent to Recorded Future when this feature is disabled. See Note about API Queries.
Another useful feature is that you can also mark some text on the page, right-click on it and from the context menu select “Open Intelligence Card in Recorded Future”. We then try to match the content of the selected text and open a Recorded Future Intelligence Card for the selected entity.
In browser extension version 2.0.0 and higher, Recorded Future clients can enter an optional API token to increase the extension utility by getting enriched data about the IOCs found on the page.
After a valid API Token is saved in the extension settings, the list of IOCs on the page will also display the current criticality level (indicated by a colored dot) and the risk score for the IOC. The list is sorted by risk score and by name. Each IOC with a non-zero risk score can be expanded to see the triggered risk rules.
There is no API credit cost for displaying the criticality, risk score, and triggered risk rules. The API token is used only for authentication.
Using the Extension
After installing the extension, you can right-click on a highlighted IP address, domain, file hash, vulnerability, malware, and threat actor (group) in any web page and immediately pull up a Recorded Future Intelligence Card that summarizes everything Recorded Future has found about that specific entity.
Authorized Recorded Future users will see a full Intelligence Card; Authorized users that also have an API subscription can enter a valid API token into the extension and enable the browser extension to lookup Risk Scores and related risk evidence. Non-Recorded Future users can still use the browser extension but will only have access to a truncated set of information.
The Chrome, Opera, and Safari Extensions also scan the current web page and provide users with a summary of all IP addresses, domains, file hashes, and vulnerabilities found on the web page in a drop-down menu available in the toolbar (see below):
Note about API Queries
By adding a valid API token to the browser extension, users get automatic risk score lookups and the ability to get triggered risk rules. The API calls only make lookup calls specific to the IP addresses, domains, hashes, vulnerabilities, or user-highlighted text observed on the current website; no other information about the browsing behavior or use is communicated via API to Recorded Future.
For teams that are interested in reviewing the browser extension code, we recommend the following steps:
- Chrome Extension
- code for installed extensions can be found in a local Chrome directory; https://www.labnol.org/software/view-source-of-chrome-extension/21284/ and https://stackoverflow.com/questions/17377337/where-to-find-extensions-installed-folder-for-google-chrome-on-mac has info on how to find these on Windows and Mac operating systems
- To get the extension code WITHOUT installing the extension first, go to the the following link: https://chrome-extension-downloader.com/
- In the search box, paste in the extension ID or the weburl where you can download the extension (i.e., https://chrome.google.com/webstore/detail/recorded-future-look-up/cdblaggcibgbankgilackljdpdhhcine?hl=en)
- Firefox Extension
- go to the firefox app store and find the link to Recorded Future's FireFox lookup add-on: https://addons.mozilla.org/en-US/firefox/addon/recorded-future-look-up/
- On the "Add to Firefox" button, right click and choose "save link as..."