The Recorded Future Browser Extension allows you to get more context and enrich data with Recorded Future Intelligence, right from your web browser. It is available to all clients.
Supported Browsers
Desktop browser extensions for Google Chrome, Mozilla Firefox make it easy to add instant context to any web-based resource. The Google Chrome extension can also be installed for Microsoft Edge.
Capabilities
- Entity risk
- Submit URLs of interest to Sandboxing
- Search for Malware and Threat Actors
- Create Analyst Notes
- Get Domain Abuse alerts right from the Browser Extension
- Scan for and interpret shortened URLs
Entity risk
The Browser Extension will automatically scan the page for known entities, detects and enrich the following entities:
- CVEs
- Hashes
- Domains
- IP Addresses
- URLs
Simply click on the Browser Extension to view the risk scores of anything mentioned on the page. For more context, click on one to view the risk rules and risk rule evidence. The results with great details are exportable.
Submit URLs of interest to Sandboxing
Recorded Future Browser Extension can now scan any url and send it to our sandbox, directly from your browser.
Why is this important?
SecOps / TI analysts are constantly assessing potential malicious URLs either in their inbox, SIEM/SOAR tool or other websites reporting suspicious URLs. Now, you can submit URLs to the Recorded Future Sandbox without having to copy and paste into a different UI.
Once submitted, you will get a notification letting you know when the report is ready
- Note: This feature is only available for Threat Intelligence and SecOps users (modules with access to Sandbox)
Search for Malware and Threat Actors
Highlight a Malware or Threat Actor name on a page, right-click, and go to Recorded Future > Open Intelligence Card in Recorded Future.
Create Analyst Notes
Highlight text on a page that you're viewing, right-click, and go to Recorded Future > Create Note in Recorded Future.
Get Domain Abuse alerts right from the Browser Extension
Scan for and interpret shortened URLs
You can now use the Browser Extension to scan for and interpret shortened URLs (that are generated via a URL-shortener service(s) viz. tinyurl, rebrandly, tinycc and bitly).
How it works
The Browser Extension interprets the shortened URL in a web page and displays the destination URL along with its risk summary in the UI.
Why it's important
While convenient for sharing and reducing character count, shortened URLs often conceal the destination, potentially leading you to unknowingly navigate to a malicious website. Interpreting and verifying risk associated with the destination URL can help you preemptively identify cyber threats including phishing attempts, malware distribution among others.
Recorded Future University
- Browser Extension Course
- Cyber Daily Course
- Sandbox course
Verified to work with
While the Browser Extension should work with most webpages, every site is built differently. We've manually verified the Browser Extension to work with the following:
- AlienVault (w/ OTX)
- Anomali ThreatStream
- Arcsight ESM
- Carbon Black
- Crowdstrike Falcon
- Darktrace
- Demisto
- ELK (Dashboard only)
- Exabeam Advanced Analytics
- ExtraHop
- Google Docs
- Graylog
- IBM QRadar
- IBM Resilient
- IBM X-Force Exchange
- InsightIDR
- JIRA
- LogRhythm (Browser Access only)
- MISP
- Phantom
- Qualys
- Red Canary
- RSA Archer Third Party Management
- RSA NetWitness
- SentinelOne
- ServiceNow
- Snowflake
- Splunk Enterprise
- Splunk Enterprise Security
- Sumo
- The Hive Project
- ThreatConnect
- VirusTotal
Known limitations and issues
- Local File Support: To enable this feature in Google Chrome, navigate to Extensions -> Recorded Future -> Details -> Scroll and click "allow access to file URLs." We support HTM and HTML. Prior support for PDFs in Chrome has been suspended due to adjustments to Chrome's security policy, but we're looking into ways to resume support for this common file type.
- Google Sheets: Currently, there is no way for the Browser Extension to detect entities on Google Sheets. We will continue to evaluate the situation if anything changes
If you come across a site that the browser extension doesn't properly work on, please let us know by emailing support@recordedfuture.com.
Working with Large Numbers of Entities
The following recommendations can help you work more efficiently when using the Browser Extension on a page that includes a large number of entities.
- For pages with more than 400 entities, turn off “Show in-page risk scores” to maximize functionality
- When loading pages with more than 1000 entities, note that it can take additional time (up to 30 seconds) to load results
- When exporting large pages (e.g., those with more than 1000 entities) we recommend turning off "Show in-page risk scores" and note that it can take additional time to load (up to 30 seconds)
Security
For more information on the security of the Browser Extension, please click here.
Job Aids