You can extend Recorded Future intelligence cards with integrations to other threat intelligence providers, enrichment services, and security products. This is achieved by defining an Extension that will run under the Recorded Future Extension API.
Above: example of some intelligence card extensions on the IP intelligence card for 31.210.111.154.
The extension is implemented as a python program that makes requests to a remote web service*, based on input from the Recorded Future intelligence card and user credentials for the remote service. Analyst teams manage their own user credential settings for each extension, through the Recorded Future portal.
*required: the remote web service must have a REST API
Above: example of the Extension gallery where intelligence card extensions can be enabled/disabled.
Extension artifacts
An extension has four components:
1. A configuration file (extension.json) which contains information about the extension and specifies the names of the other required files.
2. A response metadata file (conventionally metadata.json) which specifies how the extension response data should be displayed in the intelligence card.
3. A python source code file which implements the query time logic of the extension.
4. Two logo image files
The extension may include additional python library files.
Packaging an Extension
Please package your extension as a tarball (a compressed archive file in TAR format.) All extension component files should be in the root directory of the archive.
Example command:
tar zcvf myExtension.tgz myPython.py myLogoThumbnail.png myLogoFull.png metadata.json extension.json
Other notes
Attached to this support page is an example extension, fully packaged, that does a simple reverse DNS lookup.