Supported Integration Versions and Compatibility

Premier Integrations

Below is a matrix of our Premier Integrations, including the most recent and any historic versions currently supported by Recorded Future (see “Compatibility” column). The “Install Location” column notes where the integration may be found; certification status is shown in the “Status” column for those partners that certify applications. Deployment of any integration on a non-compatible platform configuration (see “Compatibility” column) may require professional services assistance.

For the full list of supported integrations and how to set them up, please go to Integration Center in the portal.

Recorded Future also has a TAXII v1.1.1 service that can be used to integrate with STIX/TAXII clients (e.g., LogRhythm).

For our Splunk integrations, we regression test on the latest version N of Splunk Enterprise, as well as version N-1; we include N-2 and N-3 as compatible versions for installation convenience but do not guarantee full regression testing has been done. Please consult professional services for more information.

 

INTEGRATION

COMPATIBILITY

(Partner solution platform)

LATEST VERSION

(Recorded Future application)

INSTALL LOCATION STATUS Comments
Anomali Threatstream (Insikt Notes)

 

 

Please contact Recorded Future Certified Available through separate integration subscription; requires manual install from Anomali
Attack Surface Intelligence for ServiceNow

 

 

Please contact Recorded Future    
Attack Surface Intelligence for Slack

 

 

Please contact Recorded Future    
Attack Surface Intelligence for Splunk

 

 

Please contact Recorded Future    
Micro Focus ArcSight

7.x

3.2.1

ArcSight Marketplace Certified  
AWS GuardDuty

n/a (SaaS)

n/a

AWS Marketplace    
Carbon Black Cloud Enterprise EDR

n/a (SaaS)

 

Please contact Recorded Future

Via "Push config"

   
Exabeam AA (Push Service)

n/a (SaaS)

1.0

Please contact Recorded Future

Via "Push config"

   
IBM QRadar

QRadar 7.3.3 Patch 6 - 7.3.3 latest patch release

QRadar 7.4.0 is not supported

3.1.2

IBM X-force Exchange

Certified  

QRadar 7.3.3 Patch 6 - 7.3.3 latest patch release

QRadar 7.4.0 is not supported

3.1.1

IBM X-force Exchange

Certified  

QRadar 7.3.3 Patch 6 - latest patch release

QRadar 7.4.0 is not supported

QRadar 7.4.1 Patch 2 +

3.1 IBM X-Force Exchange Certified  

7.3.3 (patch 6 and higher)

7.4.1 (patch 2)

7.4.2

3.0.x IBM X-Force Exchange Certified Upgrade to this version from a 2.x version requires new API token provisioning 

7.2.8

7.2.7

7.3 (patch 5 and lower)

2.1.x IBM X-Force Exchange Certified  

IBM Security SOAR (IBM Resilient) -Lookup App

SOAR 38.0 +

2.1.1

IBM App Exchange Certified  

SOAR 38.0 +

2.1.0

IBM App Exchange Certified  

resilient > 38.0.0

resilient-circuits > 38.0.0

2.0.0

IBM App Exchange Certified  
LogRhythm

LogRhythm 7.6.0.9 or greater

TIS Manager 1.9.3.1008 or greater

n/a

Installation instructions

  Installation via "LogRhythm Threat Intelligence Service Manager"
Maltego

Maltego Classic and Maltego XL

n/a

Transform Hub Certified BFI enabled version of Recorded Future for Maltego (v2.0) requires a new API Token.  Request a new API token here
Microfocus ArcSight

ArcSight ESM

- 7.2

- 7.0

- 6.11

3.2.0

Recorded Future for ArcSight 3.2

ArcSight Marketplace

Certified  

ArcSight ESM

- 7.2

- 7.0

- 6.11

3.1.0

Please contact Recorded Future

(Professional Services)

   

Arcsight ESM

- 6.9.1 

- 6.8c

- 5.5

3.0.3

Please contact Recorded Future

(Professional Services)

   
Microsoft  Sentinel n/a 3.2.x Via Microsoft Azure "Logic apps" Certified  
Microsoft Sentinel - Identity n/a n/a available via Microsoft Azure Marketplace Certified  
Microsoft Azure Defender n/a n/a via Microsoft Azure "Logic apps" Certified  
MISP Enrichment

MISP 2.4.x

2.0.0

Via "misp-modules service" Certified  

MISP 2.4.x

1.0

Via "misp-modules service" Certified  
MISP Feeds

n/a

n/a

     
Okta Workflows (Identity Intelligence)

n/a

n/a

Please contact Recorded Future

Via "Push config"

   
Palo Alto Networks Cortex XSOAR (ASI) 

XSOAR

- v6.0.0

1.0.1

XSOAR Marketplace Certified  



Recorded Future Intelligence - Palo Alto XSOAR (SecOps)

XSOAR

- v8.x

- v6.x

Pack (1.7.0)

- v2 (2.4.3)

- RF - Playbook alerts (1.1)

- RF - Lists (1.1) 

XSOAR Marketplace

Certified  

XSOAR

- v6.5
- v6.0.0
- v5.5

 

Pack (1.6.0)

 - v2 (2.4.1)

- RF - Playbook alerts (1.1)

- RF - Lists (1.0) 

XSOAR Marketplace

Certified  

XSOAR

- v6.5
- v6.0.0
- v5.5

Pack (1.4.0)

 - v2 (2.4.1)

- RF - Playbook alerts (1.0)

XSOAR Marketplace

Certified  

XSOAR
- v6.0.0
- v5.5

Pack (1.3.0)

 - v2 (2.4)

XSOAR Marketplace

Certified  
Palo Alto Networks XSOAR (Hatching Triage)

 

 

Hatching Blog - Install Instructions

   

Palo Alto Networks Cortex XSOAR  (Identity)

XSOAR

- v8.x

- v6.x

2.0

XSOAR Marketplace

Certified  

XSOAR

- v8.x

- v6.x

1.0

XSOAR Marketplace

Certified  
Rapid7 InsightIDR

n/a (SaaS)

1.0

Please contact Recorded Future

Via "Push config"

   
Recorded Future Collective Insights for SentinelOne

n/a

1.0

 

   
Recorded Future Collective Insights for Okta

n/a

1.0

 

   
Recorded Future Collective Insights for Carbon black

n/a

1.0

 

   
Recorded Future Collective Insights for Crowdstrike

n/a

1.0

 

   
Recorded Future Sandbox for Microsoft Sentinel

n/a

n/a

Sandbox Preview

In certification phase  
ServiceNow SIR/TI

Yokohama
Xanadu
Washington DC
Vancouver

3.2.2

ServiceNow Store Certified  

Washington DC
Vancouver
Utah 

3.1.4

ServiceNow Store Certified  

Washington DC
Vancouver
Utah

3.1.3

ServiceNow Store Certified  
ServiceNow Vulnerability Response

Yokohama
Xanadu
Washington DC
Vancouver

3.0.5 ServiceNow Store Certified  

Washington DC
Vancouver
Utah

3.0  ServiceNow Store Certified  

Washington DC
Vancouver

2.0.11 ServiceNow Store Certified  




ServiceNow Vendor Risk Management

Yokohama
Xanadu
Washington DC
Vancouver

2.0.0

ServiceNow Store Certified  

Utah
Tokyo
San Diego
Rome
Quebec

1.2.0

ServiceNow Store Certified  

ServiceNow Security Operations Foundation Framework

Washington DC
Vancouver
Utah
Tokyo

1.8.5

ServiceNow Store Certified

 

ServiceNow TISC

Yokohama
Xanadu
Washington DC

1.0.6

ServiceNow Store Certified

 






 












Splunk
Splunk 9.4, 9.3, 9.2, 
ES 8.0, 7.3, 7.2,

2.8.0

SplunkBase

In-Certification

 

Splunk 9.4, 9.3, 9.2, 
ES 8.0, 7.3, 7.2,

 

2.7.3

 

SplunkBase

In-Certification

 

Splunk 9.4, 9.3, 9.2, 
ES 8.0, 7.3, 7.2,

2.7.2

SplunkBase

Certified

 

Splunk 9.4, 9.3, 9.2, 
ES 8.0, 7.3, 7.2,

 

2.7.1

SplunkBase

Certified

 

Splunk 9.4, 9.3, 9.2, 
ES 7.3, 7.2, 7.1, 7.0

2.7.0

SplunkBase

Certified

 

Splunk 9.4, 9.3, 9.2, 
ES 8.0, 7.3, 7.2,

2.6.3

SplunkBase

Certified

 

Splunk 9.3, 9.2, 9.1, 
ES 7.2, 7.1, 7.0, 6.6

2.6.2

SplunkBase

Certified

 

Splunk 9.3, 9.2, 9.1, 
ES 7.2, 7.1, 7.0, 6.6

2.6.1

SplunkBase

Certified

 

Splunk 9.3, 9.2, 9.1, 
ES 7.2, 7.1, 7.0, 6.6

2.6.0

SplunkBase

Certified

 

Splunk 9.3, 9.2, 9.1, 9.0
ES 7.2, 7.1, 7.0, 6.6

2.5.1

SplunkBase

Certified

End of life

Splunk 9.2, 9.1, 9.0
ES 7.2, 7.1, 7.0, 6.6

2.5.0

SplunkBase

Certified

End of life

Splunk 9.3, 9.2, 9.1, 9.0
ES 7.2, 7.1, 7.0, 6.6

2.4.3

SplunkBase

 

Certified

 

End of life

Splunk 9.2, 9.1, 9.0,
ES 7.2, 7.1, 7.0, 6.6

2.4.2

SplunkBase

Certified

End of life

Splunk 9.1, 9.0, 8.2
ES 7.2, 7.1, 7.0, 6.6

 

2.4.1

 

SplunkBase

Certified

End of life

Splunk 9.1, 9.0, 8.2
ES 7.2, 7.1, 7.0, 6.6

2.4.0

SplunkBase

Certified

End of life

Splunk 9.1, 9.0, 8.2
ES 7.2, 7.1, 7.0, 6.6

2.3.3

SplunkBase

Certified

End of life

Splunk 9.1, 9.0, 8.2
ES 7.2, 7.1, 7.0, 6.6

2.3.2

SplunkBase

Certified

End of life

Splunk 9.1, 9.0, 8.2
ES 7.2, 7.1, 7.0, 6.6

2.3.1

SplunkBase

Certified

End of life

Splunk 9.1, 9.0, 8.2
ES 7.2, 7.1, 7.0, 6.6

2.3.0

SplunkBase

Certified

End of life

Splunk 8.1, 8.2
ES 6.4, 6.5, 6.6

2.0.5 [End of life]

SplunkBase

Certified [End of life]

 

Available on splunkbase to facilitate an upgrade with migration pathway for 1.1.x users. 


 

Splunk 8.1, 8.2
ES 6.1, 6.2, 6.3

1.1.9

SplunkBase

Certified

End of life since 2023-01-31

Splunk Enterprise

Splunk 8.1, 8.0, 7.3, 7.2, 7.1, 7.0, 6.6

All supported Splunk environments

5.0.10

 

End of life, no longer available at SplunkBase.

Superseded by Splunk (see above)

Certified

End of life

Splunk ES

Splunk 8.1, 8.0, 7.3, 7.2, 7.1, 7.0, 6.6

All supported Splunk environments

4.0.4

End of life, no longer available at SplunkBase.

Superseded by Splunk (see above)

Certified

End of life





Splunk SOAR
(Phantom)

Splunk SOAR v6.2, v6.1, v6.0

4.3.2  SplunkBase

Certified

 

Splunk SOAR v6.1, v6.0, v5.5

4.3.1  SplunkBase

Certified

 

Splunk SOAR v6.1, v6.0, v5.5

4.3.0 SplunkBase

Certified

 

Splunk SOAR v6.0, v5.5

4.2.0 SplunkBase

Certified

 

 Splunk SOAR v5.5, v5.4

4.1.0 SplunkBase

Certified

 

Splunk SOAR v5.3

4.0 SplunkBase

Certified

 

Phantom v5.1, v5.2, v5.3

3.1 SplunkBase

Certified

 

Phantom v4.6, v4.8

3.x SplunkBase Certified Renamed to "Splunk SOAR". We're keeping Phantom as internal name.

Splunk SOAR - Sandbox
(Phantom)

Splunk SOAR 6.0

1.1.0 SplunkBase Certified  

Splunk SOAR v5.3

1.0.1 SplunkBase Certified  

 

This content is confidential. Do not distribute or download content in a manner that violates your Recorded Future license agreement. Sharing this content outside of licensed Recorded Future users constitutes a breach of the terms and/or agreement and shall be considered a breach by your organization.
Was this article helpful?
5 out of 5 found this helpful

Articles in this section