Now Available: Recorded Future’s New API for Threat Intelligence

January 24, 2017 • Glenn Wong

We’re pleased to announce the launch of Recorded Future’s new API for machine-readable threat intelligence. This API makes it faster and easier to automate the delivery of threat intelligence context to top security processes through enrichment, correlation, and monitoring.

Most security teams will benefit from this API through our integrations with SIEM and incident response platforms without needing to “open the hood” and learn our API. Those details are important to security teams that want to creatively expand on those integrations to add our threat intelligence to even more products and workflows. This blog post is for those practitioners and developers, since this new API makes their job easier!

Before this launch, we invited customers and partners to test drive the new API and received both invaluable feedback and early validation.

For example, we previewed the new API with our friends at IBM, who quickly used it to integrate Recorded Future into X-Force Exchange for IOC enrichment.

We also updated our integration with Phantom, the new and highly acclaimed security automation and orchestration platform. Rob Truesdell, Director of Product Management at Phantom, said this about our recently certified app:

We’re excited to make the new Recorded Future app available to our customers. This well-constructed app automates the enrichment of artifacts with real-time, broad-based threat intelligence, thus helping security operations teams make decisions faster and with more confidence. Automation is a key to cyber defense; Recorded Future understands this and makes it easy to integrate their data with the different tools our customers use.
Rob Truesdell, Director of Product Management at Phantom

In the details, the API offers REST operations for common security data types like domains, IP addresses, file hashes, malware, and vulnerabilities. These are generally called “entities” in our jargon. Each entity type offers API operations for lookup (enrichment), search (monitoring), and risk list download (correlation). The API also offers operations for lists of entities, which include threat lists, white lists, and deployment-specific watchlists.

Recorded Future API Explorer

Our new API explorer allows analysts and developers to learn about the Recorded Future API and its features through an interactive interface.

Recorded Future API Sample Query

Our new API is easy to learn and use; the explorer lets you create sample queries and run them on the fly; accompanying request examples can be cut and pasted directly into your automation scripts and integration code.

Integration developers will find this API very similar to other threat intelligence enrichment and monitoring APIs which they’ve used, and the early feedback has already been extremely positive. To find out if our new API is a good fit for your security needs, request a demo today.
