Recorded Future ASI
Recorded Future ASI (Attack Surface Intelligence) is an external attack surface management platform that integrates with the SecurityTrails API to discover and monitor domain assets, IP assets, and security exposures across projects. You can bring asset, vulnerability, and vulnerability definition data from Recorded Future ASI into Brinqa to gain a unified view of your attack surface, thus strengthening your cybersecurity posture.
This document details the information you must provide for the connector to authenticate with Recorded Future ASI and how to obtain that information from Recorded Future. See create a data integration for step-by-step instructions on setting up the integration.
Required connection settings
When setting up a data integration, select Recorded Future ASI from the Connector dropdown. If you cannot find the connector in the dropdown, make sure that you have installed it first. You must provide the following information to authenticate Recorded Future ASI with Brinqa:
- API URL: The Recorded Future ASI API base URL. The default URL is https://api.securitytrails.com.
- API Key: The API key associated with the Recorded Future ASI account, which must have permissions to access the SecurityTrails API and return data.
The connector authenticates using API key authentication. The API key is included in the apiKey request header to authenticate and authorize access to the SecurityTrails API endpoints.
Consult Recorded Future documentation for accuracy. If you do not have the permissions to create an API key, contact your Recorded Future administrator.
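A pre-flight check for these settings, added here as an example (it is not Brinqa's or Recorded Future's code): it sends the key in the apiKey header to the assets endpoint listed under APIs, refuses a non-HTTPS API URL, and retries up to the connector's default of 5. The status-code interpretation, the backoff schedule and the environment variable names are assumptions of this example.

```python
import time
import urllib.error
import urllib.request
from urllib.parse import quote, urlsplit

DEFAULT_API_URL = "https://api.securitytrails.com"  # default API URL from this page
MAX_RETRIES = 5                                     # connector's default "Maximum retries"

def build_assets_request(api_url, api_key, project_id):
    """Build GET /v2/projects/{projectId}/assets carrying the key in the apiKey header."""
    parts = urlsplit(api_url)
    if parts.scheme != "https" or not parts.netloc:
        # Never send the key in cleartext or to a malformed base URL.
        raise ValueError("API URL must be an absolute https:// URL")
    if not api_key or "\r" in api_key or "\n" in api_key:
        raise ValueError("API key is empty or contains a line break")
    url = f"{api_url.rstrip('/')}/v2/projects/{quote(project_id, safe='')}/assets"
    # urllib stores the name as "Apikey"; HTTP header names are case-insensitive.
    return urllib.request.Request(url, headers={"apiKey": api_key}, method="GET")

def check_key(api_url, api_key, project_id, send=urllib.request.urlopen,
              sleep=time.sleep, max_retries=MAX_RETRIES):
    """Return 'ok', 'rejected', 'unexpected-<code>' or 'unreachable'."""
    req = build_assets_request(api_url, api_key, project_id)
    for attempt in range(1, max_retries + 1):
        try:
            with send(req, timeout=30) as resp:
                status = resp.status
        except urllib.error.HTTPError as err:   # must precede URLError (its parent class)
            status = err.code
        except urllib.error.URLError:
            status = None                       # DNS/TLS/connect failure: retry
        if status == 200:
            return "ok"
        if status in (401, 403):
            return "rejected"                   # assumed meaning: bad key or missing permission
        if status is not None and status != 429 and status < 500:
            return f"unexpected-{status}"       # other client errors: retrying will not help
        if attempt < max_retries:
            sleep(min(2 ** attempt, 30))        # capped exponential backoff
    return "unreachable"

if __name__ == "__main__":
    import os
    # RF_ASI_API_KEY and RF_ASI_PROJECT_ID are hypothetical variable names for this example.
    print(check_key(DEFAULT_API_URL, os.environ["RF_ASI_API_KEY"],
                    os.environ["RF_ASI_PROJECT_ID"]))
```

Reading the key from the environment keeps it out of shell history and process listings; a "rejected" result points at the key or its permissions rather than at the network.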
Additional settings
The Recorded Future ASI connector contains additional options for specific configuration:
- Page size: The maximum number of records to get per API request. The default setting is 1000.
- Parallel requests: The maximum number of parallel API requests. The default setting is 4.
- Maximum retries: The maximum number of times that the integration attempts to connect to the Recorded Future ASI API before giving up and reporting a failure. The default setting is 5.
Types of data to retrieve
The Recorded Future ASI connector can retrieve the following types of data from the Recorded Future ASI API:
Table 1: Data retrieved from Recorded Future ASI
| Connector Object | Required | Maps to Data Model |
|---|---|---|
| Domain | Yes | Site |
| Exposure | Yes | Vulnerability |
| Exposure Definition | Yes | Vulnerability Definition |
| IP | Yes | Host |
The Recorded Future ASI connector does not currently support operation options for the types of data it retrieves.
For detailed steps on how to view the data retrieved from Recorded Future ASI in the Brinqa Platform, see How to view your data.
Attribute mappings
Expand the sections below to view the mappings between the source and the Brinqa data model attributes.
Domain
Table 2: Domain attribute mappings
| Source Field Name | SDM Attribute |
|---|---|
| AssetResource.id | ASSET_ID |
| AssetResource.type | ASSET_TYPE |
| ASSET_CATEGORY_DOMAIN, AssetResource.type | CATEGORIES |
| AssetResource.defenses | DEFENSES |
| AssetResource.discoveredAt | FIRST_SEEN |
| AssetResource.isStaticAsset | IS_STATIC_ASSET |
| Generated (sync capture timestamp) | LAST_CAPTURED |
| AssetResource.lastScannedAt | LAST_SCANNED |
| AssetResource.name | NAME |
| AssetResource.whois.nameServers | NAME_SERVERS |
| AssetResource.scannedIps.openPorts | OPEN_PORTS |
| AssetResource.projectId | PROJECT_ID |
| AssetResource.whois.registrar | REGISTRAR |
| AssetResource.resolvedIps | RESOLVED_IPS |
| AssetResource.scannedIps.ip | SCANNED_IPS |
| AssetResource.addedToProjectAt | SOURCE_CREATED_DATE |
| AssetResource.customTags | TAGS |
| AssetResource.whois.expiresAt | TERMINATION_DATE |
| AssetResource.id | UID |
Exposure
Table 3: Exposure attribute mappings
| Source Field Name | SDM Attribute |
|---|---|
| AssetResource.id | ASSET_ID |
| AssetResource.type | ASSET_TYPE |
| AssetResource.exposureScore | EXPOSURE_SCORE |
| ExposureResource.instances.portNumber | EXPOSURE_INSTANCE_PORTS |
| AssetResource.isStaticAsset | IS_STATIC_ASSET |
| Generated (sync capture timestamp) | LAST_CAPTURED |
| AssetResource.lastScannedAt | LAST_FOUND |
| MD5(AssetResource.id, ExposureResource.id) | NAME |
| AssetResource.scannedIps.openPorts.port | PORTS |
| AssetResource.projectId | PROJECT_ID |
| AssetResource.scannedIps.openPorts.protocol | PROTOCOLS |
| StatusValues.ACTIVE | PROVIDER_STATUS |
| normalizeFindingSeverity(severity) | SEVERITY |
| getFindingSeverityScore(severity) | SEVERITY_SCORE |
| AssetResource.addedToProjectAt | SOURCE_CREATED_DATE |
| ExposureResource.severity | SOURCE_SEVERITY |
| StatusValues.ACTIVE | SOURCE_STATUS |
| AssetResource.customTags | TAGS |
| AssetResource.id, AssetResource.projectId | TARGETS |
| ExposureResource.id | TYPE |
| MD5(AssetResource.id, ExposureResource.id) | UID |
Exposure Definition
Table 4: Exposure Definition attribute mappings
| Source Field Name | SDM Attribute |
|---|---|
| Signature.vulnerabilities.cveId | CVE_IDS |
| Signature.vulnerabilities.cveId | CVE_RECORDS |
| Signature.vulnerabilities.cvssScore | CVSS_V3_BASE_SCORE |
| getCVSSMetrics(cvssMetrics) | CVSS_V3_AC |
| getCVSSMetrics(cvssMetrics) | CVSS_V3_AV |
| getCVSSMetrics(cvssMetrics) | CVSS_V3_CI |
| getCVSSMetrics(cvssMetrics) | CVSS_V3_II |
| getCVSSMetrics(cvssMetrics) | CVSS_V3_PR |
| getCVSSMetrics(cvssMetrics) | CVSS_V3_UI |
| Signature.vulnerabilities.cweIds | CWE_IDS |
| Signature.description | DESCRIPTION |
| Generated (sync capture timestamp) | LAST_CAPTURED |
| Signature.name | NAME |
| Signature.remediationSteps.actions | RECOMMENDATION |
| Signature.references | REFERENCES |
| normalizeFindingSeverity(Signature.severity) | SEVERITY |
| getFindingSeverityScore(severity) | SEVERITY_SCORE |
| Signature.addedAt | SOURCE_CREATED_DATE |
| Signature.severity | SOURCE_SEVERITY |
| Signature.id | UID |
IP
Table 5: IP attribute mappings
| Source Field Name | SDM Attribute |
|---|---|
| AssetResource.id | ASSET_ID |
| AssetResource.type | ASSET_TYPE |
| ASSET_CATEGORY_HOST, AssetResource.type | CATEGORIES |
| AssetResource.defenses | DEFENSES |
| AssetResource.discoveredAt | FIRST_SEEN |
| AssetResource.isStaticAsset | IS_STATIC_ASSET |
| Generated (sync capture timestamp) | LAST_CAPTURED |
| AssetResource.lastScannedAt | LAST_SCANNED |
| AssetResource.name | NAME |
| AssetResource.scannedIps.openPorts | OPEN_PORTS |
| AssetResource.projectId | PROJECT_ID |
| AssetResource.scannedIps.ip | SCANNED_IPS |
| AssetResource.addedToProjectAt | SOURCE_CREATED_DATE |
| AssetResource.customTags | TAGS |
| AssetResource.whois.expiresAt | TERMINATION_DATE |
| AssetResource.id | UID |
Model relationship diagram
APIs
The Recorded Future ASI connector uses the SecurityTrails API. Specifically, it uses the following endpoints:
Table 6: Recorded Future ASI API Endpoints
| Connector Object | API Endpoint |
|---|---|
| Domain | GET /v2/projects/{projectId}/assets |
| Exposure | GET /v2/projects/{projectId}/assets |
| Exposure Definition | GET /v2/projects/{projectId}/exposures |
| IP | GET /v2/projects/{projectId}/assets |
Changelog
The Recorded Future ASI connector has undergone the following changes:
This connector is part of a bundled release with other connectors from the same vendor. If a version shows "No change", it means that the connector version was updated for consistency as part of the bundle, but no functional changes were made to this specific connector. You can update to or skip this version without affecting your existing configuration.
Table 7: Recorded Future ASI connector changelog
| Version | Description | Date Published |
|---|---|---|
| 3.2.2 | Initial Integration+ release. | April 2nd, 2026 |