Introducing Intelligence Card Extensions
Intelligence Cards are concise summaries of threat intelligence entities, e.g., IP addresses, domains, hashes, URLs, vulnerabilities, and malware families.
Intelligence Card Extensions help analysts find insights about emerging threats faster by merging complementary threat intelligence from other providers and security firms into Intelligence Cards. The combined information may enable the analyst to reach an immediate verdict, or it may highlight an important relationship that was not apparent from a single-source investigation in either dataset.
To use Intelligence Card Extensions, your organization must have API access to the partner's threat intelligence service. You choose whether to enable each extension by providing your API credentials. In effect, you authorize Recorded Future to make on-demand requests to the partner's service on your behalf. The responses are shown to you in Intelligence Cards, but the information is not retained by Recorded Future.
Training Available
Use in-app guidance to view the workflow inside Recorded Future.
Intelligence Card Extension Partners
As part of our Connect partnership program, we have teamed with select intelligence providers to develop Intelligence Card Extensions for our mutual clients, and we will continue to add more as interest and opportunity allow. Note that extensions marked with (*) do not require client-specific credentials and are available to all Recorded Future subscribers; extensions marked with (**) are similar but appear only for clients who have purchased the Third Party Risk Add-on / Module.
We are excited to team with:
- AlienVault Open Threat Exchange
- Bitdefender (*)
- Bitsight Technologies
- Carbon Black
- Censys.IO
- Cisco Umbrella Investigate (fka OpenDNS)
- Cofense (formerly PhishMe)
- Cyborg Security
- DomainTools
- DomainTools Iris
- Dragos
- Exodus Intelligence
- Facebook ThreatExchange
- Farsight Security
- FIRST Exploit Prediction Scoring System (EPSS)
- GreyNoise
- IBM X-Force Exchange
- InQuest Labs Intelligence Card Extension
- Kaspersky
- Mandiant Threat Intelligence
- Nucleon
- Palo Alto Networks (Autofocus)
- Polyswarm (*)
- Reversing Labs
- Risk Based Security and VulnDB
- RiskIQ (PassiveTotal)
- SecurityTrails
- SentinelOne Deep Visibility
- ServiceNow
- Shodan (*)
- Symantec Deepsight
- ThreatConnect
- VirusTotal
Other Available Extensions
Several other extensions are available that provide convenient access to other services and information:
- Multi-RBL and reverse DNS lookup (*)
- Domain abuse reporting and takedown services (*)
- Leaked Credentials Risk Rule Evidence Details (**)
- Hosts Recently Communicating with C&C Servers Risk Rule Evidence Details (**)
How do I get started?
Start by activating extensions in your Recorded Future deployment.
Who do I contact for questions about the program or suggestions for new intelligence partners?
Security vendors interested in partnering with Recorded Future are encouraged to sign up on this partner registration page.