Linking to Intelligence Cards

Recorded Future makes it straightforward to quickly navigate or link to Intelligence Cards for IP Addresses, Domain, Hashes, Vulnerabilities, Malware, and Threat Actors (groups). These cards serve as a starting point for investigation or incident response, e.g., what can external threat intelligence from Recorded Future tell me about this observable?

The summary pages have a consistent URL structure, which makes it easy to deep link into Recorded Future from other systems.

The URL structure for these deep links to is:

  • /live/sc/entity/ip:<IP Address> Example

Please note: URLs to IP Intelligence Cards need to have leading zeros removed from IPv4 Addresses

  • /live/sc/entity/idn:<Internet Domain Name> Example
  • /live/sc/entity/hash:<Hash value> Example
  • /live/sc/entity/?name=< Vulnerability name or CVE number> Example 1Example 2
  • /live/sc/entity/?name=<Malware family> Example
  • /live/sc/entity/?name=< Threat Actor group> Example

Clients who do not wish to expose the Intelligence Card details in the URL may instead POST a request to the following link with entity parameters in the body of the POST:

For example, here is a simple HTML file illustrating this method; note the different "Name" field for CVEs compared to the other indicator types.

<form method="post" action="">
<label>Entity id:<label><input type="text" name="id"/>
<button type="submit">Submit</button>
<form method="post" action="">
<label>Entity name:<label><input type="text" name="name"/>
<button type="submit">Submit</button>

Please note: Authenticated Recorded Future users will see the full Intelligence Card; non-Recorded Future users will see an abbreviated set of information on the Intelligence Card.

Was this article helpful?
0 out of 0 found this helpful

The content of this article is confidential and intended solely for the use of individuals with authorized access to the Recorded Future service. Do not download or distribute this article.
Have more questions? Submit a request



Please sign in to leave a comment. Please note that your name will be displayed. If you would like to change how your name appears, please update your profile name.