Operations Integrations Overview

Introduction and available resources

Operations Integrations refer to a broad class of integrations whereby partner applications incorporate Threat Intelligence from Recorded Future into their systems. These are enabled via Recorded Future's Connect API. 

Developers are also encouraged to review the following Introduction to the Connect API.

A full suite of Connect API resources, including how to generate and manage API tokens, information about Recorded Future Risk Lists and the STIX/TAXII service, can be found on the Support Site.  Note that the best way to learn about the Connect API is through the interactive API explorer.  A valid API token is required to use the API Explorer; instructions on requesting API tokens are here.

Use Cases

Although the Connect API is quite flexible and can be used in many ways, several standard use cases have emerged and are used operationally in several partner applications. We are always interested in new ways our threat intelligence can be integrated with partner applications and welcome input on additional use cases beyond those discussed below.

  1. Enrichment - look up risk scores and additional context on specific IOCs and entities
  2. Correlation - use risk lists to correlate with log files and other streams of client data
  3. Alert Management - show Recorded Future alerts in other systems
  4. Integrating with Analyst Notes - read and write client-specific analyst notes
This content is confidential. Do not distribute or download content in a manner that violates your Recorded Future license agreement. Sharing this content outside of licensed Recorded Future users constitutes a breach of the terms and/or agreement and shall be considered a breach by your organization.
Was this article helpful?
0 out of 0 found this helpful

Articles in this section