Introduction and available resources
Operations Integrations are a broad class of integrations in which partner applications incorporate threat intelligence from Recorded Future into their systems. These are enabled via Recorded Future's Connect API.
Developers are also encouraged to review the Introduction to the Connect API.
A full suite of Connect API resources, including how to generate and manage API tokens and information about Recorded Future Risk Lists and the STIX/TAXII service, can be found on the Support Site. Note that the best way to learn about the Connect API is through the interactive API Explorer. A valid API token is required to use the API Explorer; instructions on requesting API tokens are here.
Use Cases
Although the Connect API is quite flexible and can be used in many ways, several standard use cases have emerged and are in operational use in a number of partner applications. We are always interested in new ways our threat intelligence can be integrated with partner applications, and we welcome input on additional use cases beyond those discussed below.
- Enrichment - look up risk scores and additional context on specific IOCs and entities
- Correlation - use risk lists to correlate with log files and other streams of client data
- Alert Management - show Recorded Future alerts in other systems
- Integrating with Analyst Notes - read and write client-specific analyst notes