
Recorded Future

Recorded Future is a threat intelligence platform that provides real-time insights into potential cyber threats and vulnerabilities. By integrating Recorded Future with Brinqa, you can enhance CVE scoring and identify vulnerabilities to prioritize and address potential risks, gain a deeper understanding of your threat landscape, and enhance your cybersecurity posture.

This document details the information you must provide for the connector to authenticate with Recorded Future and how to obtain that information from Recorded Future. See create a data integration for step-by-step instructions on setting up the integration.

Required connection settings

When setting up a data integration, select Recorded Future from the Connector dropdown. If you cannot find the connector in the dropdown, make sure that you have installed it first. You must provide the following information to authenticate Recorded Future with Brinqa:

  • API URL: The Recorded Future API URL. The default URL is https://api.recordedfuture.com.

  • API Key: The access key associated with the Recorded Future account, which must have permissions to log in to the API server and return data.

Generate a Recorded Future API key

For the Recorded Future connector to use the Recorded Future API, you must provide an API key. Recorded Future does not allow retrieval of an active token; you must generate a new key instead. To do so, follow these steps:

  1. Log in to your organization's Recorded Future portal as an administrator.

  2. Click the menu on the upper-right corner, and then click User Settings.

  3. Under API Access, click Generate New API Token.

  4. Give the new API key a name and description.

  5. Click Create.

    Copy the new Recorded Future API key and store it in a secure location.

note

Consult Recorded Future documentation for accuracy. If you do not have the permissions to create an API key, contact your Recorded Future administrator.

Additional settings

The Recorded Future connector contains additional options for specific configuration:

  • Request timeout (secs): The maximum time allotted, in seconds, before a request times out. The default setting is 120 seconds. Although it is not recommended, you can also enter zero (0) to disable timeouts.

Types of data to retrieve

The Recorded Future connector can retrieve the following types of data from the Recorded Future API:

Table 1: Data retrieved from Recorded Future

| Connector Object | Required | Maps to Data Model |
| --- | --- | --- |
| Vulnerability Risk | Yes | CVE Record |
| Vulnerability Risk Indicator | Yes | Threat Intelligence |

info

The Recorded Future connector does not currently support operation options for the types of data it retrieves.

For detailed steps on how to view the data retrieved from Recorded Future in the Brinqa Platform, see How to view your data.

Attribute mappings

Expand the sections below to view the mappings between the source and the Brinqa data model attributes.

Vulnerability Risk

Table 2: Vulnerability Risk attribute mappings

| Source Field Name | SDM Attribute |
| --- | --- |
| EvidenceDetail.rule | CYBER_EXPLOIT_SIGNAL |
| EvidenceDetail.rule | EXPLOITED_IN_THE_WILD |
| EvidenceDetail.rule | HISTORICALLY_LINKED_TO_CYBER_EXPLOIT |
| EvidenceDetail.rule | HISTORICALLY_LINKED_TO_EXPLOIT_KIT |
| EvidenceDetail.rule | HISTORICALLY_LINKED_TO_MALWARE |
| EvidenceDetail.rule | HISTORICALLY_LINKED_TO_PEN_TESTING |
| EvidenceDetail.rule | HISTORICALLY_LINKED_TO_RANSOMWARE |
| EvidenceDetail.rule | HISTORICALLY_LINKED_TO_RAT |
| EvidenceDetail.rule | HISTORICAL_UNVERIFIED_POC |
| EvidenceDetail.rule | HISTORICAL_VERIFIED_POC |
| EvidenceDetail.rule | HISTORICAL_VERIFIED_POC_RCE |
| EvidenceDetail.rule | RECENTLY_LINKED_TO_CYBER_EXPLOIT |
| EvidenceDetail.rule | RECENTLY_LINKED_TO_EXPLOIT_KIT |
| EvidenceDetail.rule | RECENTLY_LINKED_TO_MALWARE |
| EvidenceDetail.rule | RECENTLY_LINKED_TO_PEN_TESTING |
| EvidenceDetail.rule | RECENTLY_LINKED_TO_RANSOMWARE |
| EvidenceDetail.rule | RECENTLY_LINKED_TO_RAT |
| EvidenceDetail.rule | RECENT_UNVERIFIED_POC |
| EvidenceDetail.rule | RECENT_VERIFIED_POC |
| EvidenceDetail.rule | RECENT_VERIFIED_POC_RCE |
| Generated (sync capture timestamp) | LAST_CAPTURED |
| EvidenceDetail.timestamp | LAST_REFERENCED |
| Risk.risk | SCORE |
| Risk.name | UID |

Vulnerability Risk Indicator

Table 3: Vulnerability Risk Indicator attribute mappings

| Source Field Name | SDM Attribute |
| --- | --- |
| Risk.cpes | AFFECTED |
| EvidenceDetail.category | CATEGORIES |
| Risk.name | CVE_IDS |
| Risk.name | CVE_RECORDS |
| EvidenceDetail.evidenceString | DESCRIPTION |
| Generated (sync capture timestamp) | LAST_CAPTURED |
| EvidenceDetail.rule | NAME |
| EvidenceDetail.mitigation | RECOMMENDATION |
| normalizeFindingSeverity(criticality) | SEVERITY |
| getFindingSeverityScore(severity) | SEVERITY_SCORE |
| EvidenceDetail.timestamp | SOURCE_CREATED_DATE |
| EvidenceDetail.criticality | SOURCE_SEVERITY |
| MD5(Risk.name, EvidenceDetail.rule, evidenceString, timestamp) | UID |

Model relationship diagram

APIs

The Recorded Future connector uses the Recorded Future Connect API. Specifically, it uses the following endpoints:

Table 4: Recorded Future Connect API Endpoints

| Connector Object | API Endpoints |
| --- | --- |
| Vulnerability Risk | GET /v2/vulnerability/risklist/, GET /v2/vulnerability/riskrules |
| Vulnerability Risk Indicator | GET /v2/vulnerability/risklist/, GET /v2/vulnerability/riskrules |
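
A preflight check for the connection settings described earlier on this page, useful for confirming that a newly generated key can log in and return data before it is entered in Brinqa. This is an added example, not Brinqa's or Recorded Future's code: the API URL, endpoint and timeout default come from this page, while the `X-RFToken` header name (from Recorded Future's public API documentation) and the `RF_API_KEY` environment variable are assumptions.

```python
import os
import urllib.error
import urllib.request

DEFAULT_API_URL = "https://api.recordedfuture.com"  # default from this page
RISKRULES_PATH = "/v2/vulnerability/riskrules"      # endpoint from Table 4
TOKEN_HEADER = "X-RFToken"  # assumption: from Recorded Future's API docs, not this page

def effective_timeout(seconds=120):
    """Mirror the Request timeout setting: 120 s default, 0 disables it."""
    if seconds < 0:
        raise ValueError("timeout must be >= 0")
    return None if seconds == 0 else float(seconds)

def build_request(api_key, api_url=DEFAULT_API_URL):
    """Build the GET request; reject non-HTTPS URLs so the key never travels in clear."""
    if not api_url.lower().startswith("https://"):
        raise ValueError("API URL must use https://")
    if not api_key or api_key != api_key.strip():
        raise ValueError("API key is empty or has stray whitespace")
    url = api_url.rstrip("/") + RISKRULES_PATH
    return urllib.request.Request(url, headers={TOKEN_HEADER: api_key}, method="GET")

def classify(status):
    """Translate an HTTP status (standard semantics) into an operator-facing verdict."""
    if status == 200:
        return "ok: key can log in and return data"
    if status == 401:
        return "key rejected: regenerate the token"
    if status == 403:
        return "key lacks permission for this endpoint"
    return f"unexpected HTTP status {status}"

def preflight(api_key, api_url=DEFAULT_API_URL, timeout_secs=120):
    """Run the check; the key is sent only as a header and never printed."""
    req = build_request(api_key, api_url)
    try:
        with urllib.request.urlopen(req, timeout=effective_timeout(timeout_secs)) as resp:
            return classify(resp.status)
    except urllib.error.HTTPError as exc:  # must precede URLError (its parent class)
        return classify(exc.code)
    except (urllib.error.URLError, TimeoutError) as exc:
        return f"network error: {exc}"

if __name__ == "__main__":
    key = os.environ.get("RF_API_KEY")  # hypothetical environment variable name
    print(preflight(key) if key else "set RF_API_KEY first")
```

Reading the key from the environment keeps it out of shell history and process arguments; a timeout of 0 maps to a blocking call with no limit, which is why the page advises against it.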

Changelog

The Recorded Future connector has undergone the following changes:

note

This connector is part of a bundled release with other connectors from the same vendor. If a version shows "No change", it means that the connector version was updated for consistency as part of the bundle, but no functional changes were made to this specific connector. You can update to or skip this version without affecting your existing configuration.

Table 5: Recorded Future connector changelog

| Version | Description | Date Published |
| --- | --- | --- |
| 3.2.2 | No change. | April 2nd, 2026 |
| 3.2.1 | Fixed an issue where the Vulnerability Risk Indicator object sync was failing. Added a new connection setting, Request timeout, to make the timeout configurable. The default is 120 seconds. | January 20th, 2026 |
| 3.2.0 | No change. | December 18th, 2025 |
| 3.0.0 | Initial Integration+ release. | April 5th, 2023 |