Recorded Future Browser Extension

Browser_Extension-TransparentEvidenceforEffectiveAction.png

The Recorded Future Browser Extension allows you to get more context and enrich data with Recorded Future Intelligence, right from your web browser. It is available to all clients.

Supported Browsers

Desktop browser extensions for Google Chrome, Mozilla Firefox make it easy to add instant context to any web-based resource. The Google Chrome extension can also be installed for Microsoft Edge.

Capabilities

Entity risk

The Browser Extension will automatically scan the page for known entities, detects and enrich the following entities: 

  • CVEs
  • Hashes
  • Domains
  • IP Addresses
  • URLs

Simply click on the Browser Extension to view the risk scores of anything mentioned on the page. For more context, click on one to view the risk rules and risk rule evidence. The results with great details are exportable.

Submit URLs of interest to Sandboxing

Recorded Future Browser Extension can now scan any url and send it to our sandbox, directly from your browser.

Why is this important? 

SecOps / TI analysts are constantly assessing potential malicious URLs either in their inbox, SIEM/SOAR tool or other websites reporting suspicious URLs. Now, you can submit URLs to the Recorded Future Sandbox without having to copy and paste into a different UI.

Once submitted, you will get a notification letting you know when the report is ready

  • Note: This feature is only available for Threat Intelligence and SecOps users (modules with access to Sandbox)

Search for Malware and Threat Actors

Highlight a Malware or Threat Actor name on a page, right-click, and go to Recorded Future > Open Intelligence Card in Recorded Future.

Create Analyst Notes

Highlight text on a page that you're viewing, right-click, and go to Recorded Future > Create Note in Recorded Future.
Screenshot_2023-02-22_090546.png


Get Domain Abuse alerts right from the Browser Extension

See a notification when a new Recorded Future alert has triggered. 

Scan for and interpret shortened URLs

You can now use the Browser Extension to scan for and interpret shortened URLs (that are generated via a URL-shortener service(s) viz. tinyurl, rebrandly, tinycc and bitly). 

How it works

The Browser Extension interprets the shortened URL in a web page and displays the destination URL along with its risk summary in the UI.

Why it's important

While convenient for sharing and reducing character count, shortened URLs often conceal the destination, potentially leading you to unknowingly navigate to a malicious website. Interpreting and verifying risk associated with the destination URL can help you preemptively identify cyber threats including phishing attempts, malware distribution among others.

Recorded Future University

A public Recorded Future University site is available to anyone who signs up for the free browser extension. Users have limited access to Recorded Future University content, including the following:
  • Browser Extension Course
  • Cyber Daily Course
  • Sandbox course

 

Verified to work with

While the Browser Extension should work with most webpages, every site is built differently. We've manually verified the Browser Extension to work with the following:

  • AlienVault (w/ OTX)
  • Anomali ThreatStream
  • Arcsight ESM
  • Carbon Black
  • Crowdstrike Falcon
  • Darktrace
  • Demisto
  • ELK (Dashboard only)
  • Exabeam Advanced Analytics
  • ExtraHop
  • Google Docs
  • Graylog
  • IBM QRadar
  • IBM Resilient
  • IBM X-Force Exchange
  • InsightIDR
  • JIRA
  • LogRhythm (Browser Access only)
  • MISP
  • Phantom
  • Qualys
  • Red Canary
  • RSA Archer Third Party Management
  • RSA NetWitness
  • SentinelOne
  • ServiceNow
  • Snowflake
  • Splunk Enterprise
  • Splunk Enterprise Security
  • Sumo
  • The Hive Project
  • ThreatConnect
  • VirusTotal

 


 

Known limitations and issues

  • Local File Support: To enable this feature in Google Chrome, navigate to Extensions -> Recorded Future -> Details -> Scroll and click "allow access to file URLs." We support HTM and HTML. Prior support for PDFs in Chrome has been suspended due to adjustments to Chrome's security policy, but we're looking into ways to resume support for this common file type. 
  • Google Sheets: Currently, there is no way for the Browser Extension to detect entities on Google Sheets. We will continue to evaluate the situation if anything changes

If you come across a site that the browser extension doesn't properly work on, please let us know by emailing support@recordedfuture.com.

 


 

Working with Large Numbers of Entities

The following recommendations can help you work more efficiently when using the Browser Extension on a page that includes a large number of entities.

  • For pages with more than 400 entities, turn off “Show in-page risk scores” to maximize functionality
  • When loading pages with more than 1000 entities, note that it can take additional time (up to 30 seconds) to load results
  • When exporting large pages (e.g., those with more than 1000 entities) we recommend turning off "Show in-page risk scores" and note that it can take additional time to load (up to 30 seconds)

 

Security

For more information on the security of the Browser Extension, please click here.

 


 

Job Aids

browser_ext_job_aid_part_1.png

browser_ext_job_aid_part_2.png

 

This content is confidential. Do not distribute or download content in a manner that violates your Recorded Future license agreement. Sharing this content outside of licensed Recorded Future users constitutes a breach of the terms and/or agreement and shall be considered a breach by your organization.
Was this article helpful?
15 out of 15 found this helpful

Articles in this section