Getting Started - Splunk SOAR for Sandbox

Introduction
The Recorded Future Sandbox for Splunk SOAR integration lets security teams submit a sample to the Sandbox for analysis and retrieve the report, along with its indicators, for further investigation in Splunk SOAR playbooks.

Prerequisites

  • Recorded Future Sandbox API token (see the FAQ section for details)

Installation

1. Go to the Apps section in Splunk SOAR

2. Search for Recorded Future Sandbox

3. Install the app in your Splunk SOAR environment and configure it with the following settings:

a. Server IP/Hostname: https://sandbox.recordedfuture.com

b. API Path: For private cloud instances, use /api/v0/. For the public cloud, use /v0/

c. API Key: Enter the API key generated from https://sandbox.recordedfuture.com/account. (This token is separate from the one generated for the main Recorded Future for Splunk SOAR app.)


FAQ

1. How do I generate a Recorded Future Sandbox API token?

i. Go to https://sandbox.recordedfuture.com

ii. Click the Account icon in the top right corner

iii. Under the 'API Keys' section, click 'Generate API Key'

iv. Provide a name for the API key and click 'Generate API Key'

v. Click the clipboard icon next to the generated API key to copy the token.

 

Support
Please reach out to Recorded Future Support at support@recordedfuture.com with any further questions or for assistance during the installation process.

 

 

This content is confidential. Do not distribute or download content in a manner that violates your Recorded Future license agreement. Sharing this content outside of licensed Recorded Future users constitutes a breach of the terms and/or agreement and shall be considered a breach by your organization.