XSOAR Template Playbook Library
Recorded Future has developed a library of template playbooks that can be used in XSOAR as a starting point for leveraging intelligence in your automation processes. These playbooks are built to provide guidance as you build use case-specific playbooks. Client configuration is required to get playbooks running in client environments.
This page contains both certified and Beta playbooks. The purpose of Beta playbooks is to distribute XSOAR assets built by the Recorded Future Professional Services team while playbooks and other XSOAR assets are pending certification with PAN for inclusion in the Recorded Future for XSOAR PAN package.
Below is information on playbooks, requirements, and certification status.
Recorded Future for XSOAR App Overview: Link
Playbook Name | Playbook Description | Modules | Required Recorded Future Apps | Assets | Certified? |
Automated Threat Hunt | Template playbook to initiate an Automated Threat Hunt based on the Threat Map in Recorded Future. The Playbook fetches links related to the Threat Actors part of the Threat Map from Recorded Future and launches a hunt in the SIEM for any detections within the environment. | SecOps Intelligence, Threat Intelligence | Recorded Future Intelligence (Recorded Future v2) | YML File (Playbook) | Yes |
Entity Enrichment | Template playbook to incorporate Recorded Future enrichment for IPs, hashes, domains, and URLs into your current workflows. The playbook also shows how to look up available 'Links' data for IOCs. | SecOps Intelligence, Threat Intelligence | | YML File (Playbook) | Yes |
Recorded Future Sandbox Detonation and Enrichment | Submits a URL or file to Hatching Sandbox, detonates the sample, and enriches the IPs and domains generated from the detonation with Recorded Future data. | SecOps Intelligence, Threat Intelligence | | YML File (Playbook) | Yes |
Leaked Credential Alert Handling | Template playbook showing suggested steps to triage leaked credential alerts. Classifier/Mapper are available to ingest Recorded Future Leaked Credential Alerts. | Brand Intelligence | | YML File (Playbook) | Yes |
Typosquat Alert Handling | Template playbook showing suggested steps to triage typosquat alerts. Classifier/Mapper are available to ingest Recorded Future Typosquat Alerts. | Brand Intelligence | | YML File (Playbook) | Yes |
Vulnerability Alert Handling | Template playbook showing suggested steps to triage new critical vulnerability alerts. The playbook includes New and Critical CVEs. Classifier/Mapper are available to ingest Recorded Future New, Critical or Pre NVD Vulnerability Alerts. | Vulnerability Intelligence | Recorded Future Intelligence (Recorded Future v2) | YML File (Playbook) | Yes |
Recorded Future Identity Intelligence Customer Use case | Implements an external use case for Recorded Future Identity Data | Identity Intelligence | | YML File | Yes |
Recorded Future Identity Intelligence Workforce Use case | Workforce use case for Identity search and lookup using Recorded Future Identity | Identity Intelligence | | YML File | Yes |