Overview

Connector Setup

Recorded Future in the Vulcan Platform

API


Overview

About Recorded Future

Recorded Future Vulnerability Intelligence automatically collects vital vulnerability data from the widest range of open, closed, and technical sources. This wealth of information is analyzed and risk-scored in real-time, enabling security teams to instantly understand which vulnerabilities pose the greatest risk to their organization.

Why Integrate Threat Intelligence tools into the Vulcan platform?

Read all about the value you gain out of this integration here.

Recorded Future Connector details

Supported products

Vulnerability Intelligence

Category

Threat Intelligence

Integration type

UNI directional (data is transferred from Recorded Future to the Vulcan Platform in one direction)

Supported version and type

SaaS (latest)


Connector Setup

Prerequisites and user permissions

Before you begin configuring the connector, make sure you have the following:

  • Recorded Future API token is required to use the API

Configuring the Recorded Future Connector

  1. Log in to your Vulcan Cyber dashboard and go to Connectors.

  2. Click on Add a Connector.

  3. Click on the Recorded Future icon.

  4. Set up the Connector as follows:

  5. Click the Test Connectivity button to verify that Vulcan Cyber can connect to your Recorded Future instance, then click Create (or Save Changes).

  6. Allow some time for the sync to complete. Then, you can review the sync status under Log.

  7. To confirm the sync is complete, navigate to the Connectors tab to check the sync status. Once the Recorded Future icon shows Connected, the connection is complete.


Recorded Future in the Vulcan Platform

Finding Recorded Future vulnerabilities

Recorded Future is a Threat Intelligence connector that enriches vulnerability data based on their CVE.
Once integrated, the Recorded Future TI data becomes available and attached to the relevant vulnerabilities in the Vulcan Platform.

  1. Go to Vulnerabilities > filter by Threats > Recorded Future Critical / High.

    Note: The Vulcan Platform displays recorded future CVEs only with Critical (score above 90) and High (score 65-89) severity levels.

    You can focus and narrow your search by selecting more filters.

  2. In the results, you'll see that vulnerabilities have a "Recorded Future" threat tag.
    Click on a vulnerability/CVE for more details.

  3. In the Vulnerability details window, you can see all the cyber information gathered on that vulnerability including Affected Assets, Threat Tags, Severity Score, Fixes, and much more. the "Recorded Future" tag will appear next to Attack Vectors.

  4. Go to the Threat Intelligence tab > Expand the attached Recorded Future TI card for more details.

See it in action:

Intelligence Cards provide transparency into the evidence for each risk rule, usually including one or more reporting sources and links back to documents published by these sources.

Each Recorded Future Intelligence Card refers to a single CVE and displays details such as first-seen date, description, last-seen date, risk score, risk summary, Observed risk rules including name, criticality, description, latest website mentioning the CVE, and more.

Known limitations

Currently, the following information from Recorded Future isn't presented in the Vulcan Platform:

  • NVD Summary

  • Context


Taking action and automating remediation on vulnerabilities

Large environments quickly become unmanageable if constant manual attention and effort are necessary to remediate vulnerabilities. You can take advantage of the automation capabilities of Vulcan Cyber and the Recorded Future Connector.

Use the Threats condition to create automation based on Threat Tags and Attack Vectors, such as Threat Intelligence tags by Mandiant or Recorded Future.

Click here to learn how to create automation in the Vulcan Cyber Platform.


API

API endpoints in use

https://api.recordedfuture.com/v2/#/

API Call

GET risk list

GET /v2/vulnerability/format=csv%2Fsplunk&list=default

GET vulnerability Intelligence Cards

GET /v2/vulnerability/{id}

Did this answer your question?