Demisto Integration

Introduction

Demisto_Full_Color_Logo.svg

Demisto is a popular Security Orchestration and Automation Response (SOAR) platform.  With it, security teams create standardized, automated, and coordinated responses across their entire security product stack. Playbooks that automate common procedures are enabled by thousands of security actions from a large ecosystem of partners make scalable, accelerated incident response a reality. 

Available Functionality

The Demisto integration includes four actions:

  • IP address reputation lookup
  • Domain reputation lookup 
  • File hash reputation lookup
  • Related entities for an IP address, domain, or file hash

Demisto_Screen_Shot_2.png

Demisto_Screen_Shot_1.png

 

How to enable the integration

The integration is available directly from Demisto (https://support.demisto.com/hc/en-us/articles/360006572474).  Enabling the integration requires a valid Recorded Future API token.  Instructions for generating a Recorded Future API token are found on this support page.  

For More Information

More information about this integration, including suggested use cases for enrichment and interactive investigation of complex threats, is available on this blog written by Demisto. 

Was this article helpful?
0 out of 0 found this helpful

The content of this article is confidential and intended solely for the use of individuals with authorized access to the Recorded Future service. Do not download or distribute this article.
Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment. Please note that your name will be displayed. If you would like to change how your name appears, please update your profile name.