Recorded Future
Recorded Future is a threat intelligence platform that provides real-time insights into potential cyber threats and vulnerabilities. By integrating Recorded Future with Brinqa, you can enhance CVE scoring and identify vulnerabilities to prioritize and address potential risks, gain a deeper understanding of your threat landscape, and enhance your cybersecurity posture.
This document details the information you must provide for the connector to authenticate with Recorded Future and how to obtain that information from Recorded Future. See create a data integration for step-by-step instructions on setting up the integration.
Required connection settings
When setting up a data integration, select Recorded Future from the Connector drop-down. If you cannot find the connector in the drop-down, make sure that you have installed it first. You must provide the following information to authenticate Recorded Future with Brinqa:
-
API URL: The Recorded Future API URL. The default URL is
https://api.recordedfuture.com. -
API Key: The access key associated with the Recorded Future account, which must have permissions to log in to the API server and return data.
Generate a Recorded Future API key
For the Recorded Future connector to use the Recorded Future API, you must provide an API key. Recorded Future does not allow retrieval of an active token, therefore, you must generate a new key instead. To do so, follow these steps:
-
Log in to your organization's Recorded Future portal as an administrator.
-
Click the menu on the upper-right corner, and then click User Settings.
-
Under API Access, click Generate New API Token.
-
Give the new API key a name and description.
-
Click Create.
Copy the new Recorded Future API key and store it in a secure location.
Consult Recorded Future documentation for accuracy. If you do not have the permissions to create an API key, contact your Recorded Future administrator.
Types of data to retrieve
The Recorded Future connector can retrieve the following types of data from the Recorded Future API:
Table 1: Data retrieved from Recorded Future
| Connector Object | Required | Maps to Data Model |
|---|---|---|
| Vulnerability Risk | Yes | CVE Record |
| Vulnerability Risk Indicator | Yes | Threat Intelligence |
The Recorded Future connector does not currently support operation options for the types of data it retrieves.
For detailed steps on how to view the data retrieved from Recorded Future in the Brinqa Platform, see How to view your data.
APIs
The Recorded Future connector uses the Recorded Future Connect API. Specifically, it uses the following endpoints:
Table 2: Recorded Future Connect API Endpoints
| Connector Object | API Endpoints |
|---|---|
| Vulnerability Risk | GET /v2/vulnerability/risklist/ GET /v2/vulnerability/riskrules |
| Vulnerability Risk Indicator | GET /v2/vulnerability/risklist/ GET /v2/vulnerability/riskrules |
Changelog
The Recorded Future connector has undergone the following changes:
3.0.0
- Initial Integration+ release.