Premier Integrations
Below is a matrix of our Premier Integrations, including the most recent and any historic versions currently supported by Recorded Future (see “Compatibility” column). The “Install Location” column notes where the integration may be found; certification status is shown in the “Status” column for those partners that certify applications. Deployment of any integration on a non-compatible platform configuration (see “Compatibility” column) may require professional services assistance.
For the full list of supported integrations and how to set them up, please go to Integration Center in the portal.
Recorded Future also has a TAXII v1.1.1 service that can be used to integrate with STIX/TAXII clients (e.g., LogRhythm).
For our Splunk integrations, we regression test on the latest version N of Splunk Enterprise, as well as version N-1; we include N-2 and N-3 as compatible versions for installation convenience but do not guarantee full regression testing has been done. Please consult professional services for more information.
INTEGRATION | COMPATIBILITY (Partner solution platform) | LATEST VERSION (Recorded Future application) | INSTALL LOCATION | STATUS | COMMENTS |
---|---|---|---|---|---|
Anomali Threatstream (Insikt Notes) | | | Please contact Recorded Future | Certified | Available through separate integration subscription; requires manual install from Anomali |
Attack Surface Intelligence for ServiceNow | | | Please contact Recorded Future | | |
Attack Surface Intelligence for Slack | | | Please contact Recorded Future | | |
Attack Surface Intelligence for Splunk | | | Please contact Recorded Future | | |
Micro Focus ArcSight | 7.x | 3.2.1 | ArcSight Marketplace | Certified | |
AWS GuardDuty | n/a (SaaS) | n/a | AWS Marketplace | | |
Carbon Black Cloud Enterprise EDR | n/a (SaaS) | | Please contact Recorded Future Via "Push config" | | |
Exabeam AA (Push Service) | n/a (SaaS) | 1.0 | Please contact Recorded Future Via "Push config" | | |
IBM QRadar | QRadar 7.3.3 Patch 6 - 7.3.3 latest patch release; QRadar 7.4.0 is not supported | 3.1.2 | Certified | | |
IBM QRadar | QRadar 7.3.3 Patch 6 - 7.3.3 latest patch release; QRadar 7.4.0 is not supported | 3.1.1 | Certified | | |
IBM QRadar | QRadar 7.3.3 Patch 6 - latest patch release; QRadar 7.4.0 is not supported; QRadar 7.4.1 Patch 2 + | 3.1 | IBM X-Force Exchange | Certified | |
IBM QRadar | 7.3.3 (patch 6 and higher); 7.4.1 (patch 2); 7.4.2 | 3.0.x | IBM X-Force Exchange | Certified | Upgrade to this version from a 2.x version requires new API token provisioning |
IBM QRadar | 7.2.8; 7.2.7; 7.3 (patch 5 and lower) | 2.1.x | IBM X-Force Exchange | Certified | |
IBM Security SOAR (IBM Resilient) - Lookup App | SOAR 38.0 + | 2.1.1 | IBM App Exchange | Certified | |
IBM Security SOAR (IBM Resilient) - Lookup App | SOAR 38.0 + | 2.1.0 | IBM App Exchange | Certified | |
IBM Security SOAR (IBM Resilient) - Lookup App | resilient > 38.0.0; resilient-circuits > 38.0.0 | 2.0.0 | IBM App Exchange | Certified | |
LogRhythm | LogRhythm 7.6.0.9 or greater; TIS Manager 1.9.3.1008 or greater | n/a | Installation via "LogRhythm Threat Intelligence Service Manager" | | |
Maltego | Maltego Classic and Maltego XL | n/a | Transform Hub | Certified | BFI enabled version of Recorded Future for Maltego (v2.0) requires a new API Token. Request a new API token here |
Micro Focus ArcSight | ArcSight ESM - 7.2 - 7.0 - 6.11 | 3.2.0 | Recorded Future for ArcSight 3.2 | Certified | |
Micro Focus ArcSight | ArcSight ESM - 7.2 - 7.0 - 6.11 | 3.1.0 | Please contact Recorded Future (Professional Services) | | |
Micro Focus ArcSight | ArcSight ESM - 6.9.1 - 6.8c - 5.5 | 3.0.3 | Please contact Recorded Future (Professional Services) | | |
Microsoft Sentinel | n/a | 3.2.x | Via Microsoft Azure "Logic apps" | Certified | |
Microsoft Sentinel - Identity | n/a | n/a | available via Microsoft Azure Marketplace | Certified | |
Microsoft Azure Defender | n/a | n/a | via Microsoft Azure "Logic apps" | Certified | |
MISP Enrichment | MISP 2.4.x | 2.0.0 | Via "misp-modules service" | Certified | |
MISP Enrichment | MISP 2.4.x | 1.0 | Via "misp-modules service" | Certified | |
MISP Feeds | n/a | n/a | | | |
Okta Workflows (Identity Intelligence) | n/a | n/a | Please contact Recorded Future Via "Push config" | | |
Palo Alto Networks Cortex XSOAR (ASI) | XSOAR - v6.0.0 | 1.0.1 | XSOAR Marketplace | Certified | |
Recorded Future Intelligence - Palo Alto XSOAR (SecOps) | XSOAR - v8.x - v6.x | Pack (1.7.0) - v2 (2.4.3) - RF - Playbook alerts (1.1) - RF - Lists (1.1) | Certified | | |
Recorded Future Intelligence - Palo Alto XSOAR (SecOps) | XSOAR - v6.5 | Pack (1.6.0) - v2 (2.4.1) - RF - Playbook alerts (1.1) - RF - Lists (1.0) | Certified | | |
Recorded Future Intelligence - Palo Alto XSOAR (SecOps) | XSOAR - v6.5 | Pack (1.4.0) - v2 (2.4.1) - RF - Playbook alerts (1.0) | Certified | | |
Recorded Future Intelligence - Palo Alto XSOAR (SecOps) | XSOAR | Pack (1.3.0) - v2 (2.4) | Certified | | |
Palo Alto Networks XSOAR (Hatching Triage) | | | | | |
Palo Alto Networks Cortex XSOAR (Identity) | XSOAR - v8.x - v6.x | 2.0 | Certified | | |
Palo Alto Networks Cortex XSOAR (Identity) | XSOAR - v8.x - v6.x | 1.0 | Certified | | |
Rapid7 InsightIDR | n/a (SaaS) | 1.0 | Please contact Recorded Future Via "Push config" | | |
Recorded Future Collective Insights for SentinelOne | n/a | 1.0 | | | |
Recorded Future Collective Insights for Okta | n/a | 1.0 | | | |
Recorded Future Collective Insights for Carbon Black | n/a | 1.0 | | | |
Recorded Future Collective Insights for CrowdStrike | n/a | 1.0 | | | |
Recorded Future Sandbox for Microsoft Sentinel | n/a | n/a | In certification phase | | |
ServiceNow SIR/TI | Yokohama | 3.2.2 | ServiceNow Store | Certified | |
ServiceNow SIR/TI | Washington DC | 3.1.4 | ServiceNow Store | Certified | |
ServiceNow SIR/TI | Washington DC | 3.1.3 | ServiceNow Store | Certified | |
ServiceNow Vulnerability Response | Yokohama | 3.0.5 | ServiceNow Store | Certified | |
ServiceNow Vulnerability Response | Washington DC | 3.0 | ServiceNow Store | Certified | |
ServiceNow Vulnerability Response | Washington DC | 2.0.11 | ServiceNow Store | Certified | |
ServiceNow Vendor Risk Management | Yokohama | 2.0.0 | ServiceNow Store | Certified | |
ServiceNow Vendor Risk Management | Utah | 1.2.0 | ServiceNow Store | Certified | |
ServiceNow Security Operations Foundation Framework | Washington DC | 1.8.5 | ServiceNow Store | Certified | |
ServiceNow TISC | Yokohama | 1.0.6 | ServiceNow Store | Certified | |
Splunk | Splunk 9.4, 9.3, 9.2, ES 8.0, 7.3, 7.2 | 2.8.0 | In-Certification | | |
Splunk | Splunk 9.4, 9.3, 9.2, ES 8.0, 7.3, 7.2 | 2.7.3 | In-Certification | | |
Splunk | Splunk 9.4, 9.3, 9.2, ES 8.0, 7.3, 7.2 | 2.7.2 | Certified | | |
Splunk | Splunk 9.4, 9.3, 9.2, ES 8.0, 7.3, 7.2 | 2.7.1 | Certified | | |
Splunk | Splunk 9.4, 9.3, 9.2 | 2.7.0 | Certified | | |
Splunk | Splunk 9.4, 9.3, 9.2 | 2.6.3 | Certified | | |
Splunk | Splunk 9.3, 9.2, 9.1 | 2.6.2 | Certified | | |
Splunk | Splunk 9.3, 9.2, 9.1 | 2.6.1 | Certified | | |
Splunk | Splunk 9.3, 9.2, 9.1 | 2.6.0 | Certified | | |
Splunk | Splunk 9.3, 9.2, 9.1, 9.0 | 2.5.1 | Certified | End of life | |
Splunk | Splunk 9.2, 9.1, 9.0 | 2.5.0 | Certified | End of life | |
Splunk | Splunk 9.3, 9.2, 9.1, 9.0 | 2.4.3 | Certified | End of life | |
Splunk | Splunk 9.2, 9.1, 9.0 | 2.4.2 | Certified | End of life | |
Splunk | Splunk 9.1, 9.0, 8.2 | 2.4.1 | Certified | End of life | |
Splunk | Splunk 9.1, 9.0, 8.2 | 2.4.0 | Certified | End of life | |
Splunk | Splunk 9.1, 9.0, 8.2 | 2.3.3 | SplunkBase | Certified | End of life |
Splunk | Splunk 9.1, 9.0, 8.2 | 2.3.2 | SplunkBase | Certified | End of life |
Splunk | Splunk 9.1, 9.0, 8.2 | 2.3.1 | SplunkBase | Certified | End of life |
Splunk | Splunk 9.1, 9.0, 8.2 | 2.3.0 | SplunkBase | Certified | End of life |
Splunk | Splunk 8.1, 8.2 | 2.0.5 [End of life] | SplunkBase | Certified [End of life] | Available on SplunkBase to facilitate an upgrade with a migration pathway for 1.1.x users. |
Splunk | Splunk 8.1, 8.2 | 1.1.9 | SplunkBase | Certified | End of life since 2023-01-31 |
Splunk Enterprise | Splunk 8.1, 8.0, 7.3, 7.2, 7.1, 7.0, 6.6; All supported Splunk environments | 5.0.10 | End of life, no longer available at SplunkBase. Superseded by Splunk (see above) | Certified | End of life |
Splunk ES | Splunk 8.1, 8.0, 7.3, 7.2, 7.1, 7.0, 6.6; All supported Splunk environments | 4.0.4 | End of life, no longer available at SplunkBase. Superseded by Splunk (see above) | Certified | End of life |
Splunk SOAR (Phantom) | Splunk SOAR v6.2, v6.1, v6.0 | 4.3.2 | SplunkBase | Certified | |
Splunk SOAR (Phantom) | Splunk SOAR v6.1, v6.0, v5.5 | 4.3.1 | SplunkBase | Certified | |
Splunk SOAR (Phantom) | Splunk SOAR v6.1, v6.0, v5.5 | 4.3.0 | SplunkBase | Certified | |
Splunk SOAR (Phantom) | Splunk SOAR v6.0, v5.5 | 4.2.0 | SplunkBase | Certified | |
Splunk SOAR (Phantom) | Splunk SOAR v5.5, v5.4 | 4.1.0 | SplunkBase | Certified | |
Splunk SOAR (Phantom) | Splunk SOAR v5.3 | 4.0 | SplunkBase | Certified | |
Splunk SOAR (Phantom) | Phantom v5.1, v5.2, v5.3 | 3.1 | SplunkBase | Certified | |
Splunk SOAR (Phantom) | Phantom v4.6, v4.8 | 3.x | SplunkBase | Certified | Renamed to "Splunk SOAR". We're keeping Phantom as internal name. |
Splunk SOAR - Sandbox (Phantom) | Splunk SOAR 6.0 | 1.1.0 | SplunkBase | Certified | |
Splunk SOAR - Sandbox (Phantom) | Splunk SOAR v5.3 | 1.0.1 | SplunkBase | Certified | |