There are several ways to integrate with Recorded Future:
- Quick Connect integrations are typically "permalinks" to Recorded Future Intelligence cards accessible from within a partner application. This allows users working in a partner application to quickly pivot to the Recorded Future portal to get detailed information about a specific entity such as an indicator or malware family.
- Operations Integrations pull threat intelligence from Recorded Future for use within a partner application, and typically involve integration modules or custom code that must be pre-installed or pre-configured. Such modules make API calls to Recorded Future in an on-demand fashion or through scheduled processes. These integrations are facilitated by Recorded Future's Connect API, and require that the mutual client have a subscription to Recorded Future's API.
- OMNI Intelligence Partner Integrations are suitable for partners that have unique threat intelligence that would be useful on a Recorded Future intelligence card. These integrations, also known as "Intelligence Card Extensions" require the partner to have a RESTful API, and the integration code, once validated, is hosted by Recorded Future. These integrations work under the "Bring Your Own License" (BYOL) model, and assume mutual clients have valid credentials to the partners' API.
Recorded Future's Intelligence Cards are an important means for clients to receive and consume threat information. You can watch the 6 minute overview, in Recorded Future University, of this important product feature.
For developers, additional details to help you get started on integrating with Recorded Future are available on the following support pages:
- Quick Connect (how to link to Recorded Future Intelligence Cards)
- Operations Integrations SDK
- Intelligence Card Extension SDK
As a final note, partners with a solution that users access through a web browser can "integrate" with Recorded Future immediately through the free Recorded Future browser extension. This extension, available for most popular web browsers, will parse the current browser page and create a list of indicators and vulnerabilities (IPs, domains, file hashes, and CVEs) found on the page.