XSOAR Template Playbook Library

Recorded Future has developed a library of template playbooks that can be used in XSOAR as a starting point for leveraging intelligence in your automation processes. These playbooks are built to provide guidance as you build use case-specific playbooks. Client configuration is required to get playbooks running in client environments.

This page contains both certified and Beta playbooks. The purpose of the Beta playbooks is to distribute XSOAR assets built by the Recorded Future Professional Services team while those playbooks and other XSOAR assets are pending certification with PAN for inclusion in the Recorded Future for XSOAR PAN package.

Below is information on playbooks, requirements, and certification status.

Recorded Future for XSOAR App Overview: Link

| Playbook Name | Playbook Description | Modules Required | Recorded Future Apps | Assets | Certified? |
| --- | --- | --- | --- | --- | --- |
| Automated Threat Hunt | Template playbook to initiate an Automated Threat Hunt based on the Threat Map in Recorded Future. The playbook fetches links related to the Threat Actors that are part of the Threat Map from Recorded Future and launches a hunt in the SIEM for any detections within the environment. | SecOps Intelligence, Threat Intelligence | Recorded Future Intelligence (Recorded Future v2) | YML File (Playbook) | Yes |
| Entity Enrichment | Template playbook to incorporate Recorded Future enrichment for IPs, hashes, domains, and URLs into your current workflows. The playbook also shows how to look up available 'Links' data for IOCs. | SecOps Intelligence, Threat Intelligence | Recorded Future Intelligence (Recorded Future v2) | YML File (Playbook) | Yes |
| Recorded Future Sandbox Detonation and Enrichment | Submits a URL or file to Hatching Sandbox, detonates the sample, and enriches IPs and domains generated from the detonation with Recorded Future data. | SecOps Intelligence, Threat Intelligence | Recorded Future Intelligence (Recorded Future v2), Hatching Triage | YML File (Playbook) | Yes |
| Leaked Credential Alert Handling | Template playbook showing suggested steps to triage leaked credential alerts. Classifier/Mapper are available to ingest Recorded Future Leaked Credential Alerts. | Brand Intelligence | Recorded Future Intelligence (Recorded Future v2) | YML File (Playbook) | Yes |
| Typosquat Alert Handling | Template playbook showing suggested steps to triage typosquat alerts. Classifier/Mapper are available to ingest Recorded Future Typosquat Alerts. | Brand Intelligence | Recorded Future Intelligence (Recorded Future v2) | YML File (Playbook) | Yes |
| Vulnerability Alert Handling | Template playbook showing suggested steps to triage new critical vulnerability alerts. The playbook includes New and Critical CVEs. Classifier/Mapper are available to ingest Recorded Future New, Critical or Pre NVD Vulnerability Alerts. | Vulnerability Intelligence | Recorded Future Intelligence (Recorded Future v2) | YML File (Playbook) | Yes |
| Recorded Future Identity Intelligence Customer Use case | Implements an external use case for Recorded Future Identity Data. | Identity Intelligence | Recorded Future Identity | YML File | Yes |
| Recorded Future Identity Intelligence Workforce Use case | Workforce use case for Identity search and lookup using Recorded Future Identity. | Identity Intelligence | Recorded Future Identity | YML File | Yes |

This content is confidential. Do not distribute or download content in a manner that violates your Recorded Future license agreement. Sharing this content outside of licensed Recorded Future users constitutes a breach of the terms and/or agreement and shall be considered a breach by your organization.