Demisto Integration



Demisto is a popular Security Orchestration and Automation Response (SOAR) platform.  With it, security teams create standardized, automated, and coordinated responses across their entire security product stack. Playbooks that automate common procedures are enabled by thousands of security actions from a large ecosystem of partners make scalable, accelerated incident response a reality. 

Available Functionality

The Demisto integration includes four actions:

  • IP address reputation lookup
  • Domain reputation lookup 
  • File hash reputation lookup
  • Related entities for an IP address, domain, or file hash




How to enable the integration

The integration is available directly from Demisto (  Enabling the integration requires a valid Recorded Future API token.  Instructions for generating a Recorded Future API token are found on this support page.  

For More Information

More information about this integration, including suggested use cases for enrichment and interactive investigation of complex threats, is available on this blog written by Demisto. 

Was this article helpful?
1 out of 1 found this helpful

This content is confidential. Downloading or distributing this content is in violation of your Recorded Future license agreement. Sharing this content outside of licensed Recorded Future users constitutes a breach of the terms and/or agreement and shall be considered a breach by your organization.
Have more questions? Submit a request



Please sign in to leave a comment. Please note that your name will be displayed. If you would like to change how your name appears, please update your profile name.