Table of Contents
Introduction
The ThreatConnect® integration with Recorded Future® ingests Domain, Hash, IP, URL, and Vulnerability Risk List entities, as well as Analyst Notes, from Recorded Future. After ingesting these data, the integration creates corresponding objects with select Recorded Future metadata in ThreatConnect.
Prerequisites
- Active ThreatConnect Application Programming Interface (API) key
- ThreatConnect instance with version 7.4.0 or newer installed
- Active Recorded Future API token
- Active Recorded Future module subscriptions: SecOps Intelligence, Threat Intelligence, and/or Vulnerability Intelligence
Installation Steps
- Log into ThreatConnect with a System Administrator account.
- Install the Recorded Future Intelligence Engine App via TC Exchange™.
- Use the ThreatConnect Feed Deployer to set up and configure the Recorded Future IntelligenceEngine App. Click here to see available parameters.
After successfully configuring and activating the Feed API Service, you can access the Recorded Future Intelligence Engine user interface (UI). This UI allows you to interact with and manage the Recorded Future integration.
Follow these steps to access the UI:
- Log into ThreatConnect with a System Administrator account.
- On the top navigation bar, hover over Playbooks and select Services. The Services tab of the Playbooks screen will be displayed.
- Locate the Recorded Future Intelligence Engine Feed API Service and then click the link in the Service’s API Path field. The DASHBOARD screen of the Recorded Future Intelligence Engine UI will open in a new browser tab.
The following screens are available in the Recorded Future Intelligence Engine UI:
- DASHBOARD
- JOBS
- TASKS
- DOWNLOAD
- REPORT
Click here for instructions on how to set up and configure each of the above screens.
Support
For integration support, please contact support@threatconnect.com.