FAQ (Browser Extension) | Recorded Future

Recorded Future Browser Extension
Frequently Asked Questions

What are the different licenses available for Recorded Future’s browser extension?

There are four license options that include access to the Recorded Future browser extension.

Express, our free license level, provides users with high-level indicator data, including dynamic risk scores and the top risk rule subject to Recorded Future’s Terms of Use and other conditions upon sign-up.

The Express Plus, Core, and Advanced license levels are associated with paid Recorded Future subscribers, and all include the same features of the browser extension. These licenses provide users with detailed context about each of the indicators on any webpage. This includes dynamic risk scores, associated risk rules, and a deeper dive into the context and evidence behind the risk rules.

What is a risk score?

Risk scores are based on a set of risk rules. Each indicator type has a distinct set of risk rules.

Recorded Future’s real-time risk scores highlight the severity level associated with the indicator being researched. This helps analysts quickly and confidently reach a verdict or risk assessment for their environment.

Recorded Future generates risk scores by combining information from across the web, our proprietary data sources, and industry-leading research from our Insikt Group. This includes unstructured text, threat feeds and other technical threat data.

The overall risk score is a number between 0 and 99, determined by which rules are currently triggered. The highest severity level associated with an indicator determines the base score:

  • Very malicious: 90
  • Malicious: 65
  • Suspicious: 25
  • Unusual: 5

What is a risk rule?

Recorded Future’s risk scores are based on a set of risk rules for each indicator type. Recorded Future’s browser extension has risk rules for the following indicator types:

  • IP address
  • Domain
  • Hash
  • Vulnerability

Risk rules are assigned a level of severity, which factors into the overall risk score. These rules continue to evolve as Recorded Future adds data and analytics sources.

What are the use cases for the Recorded Future Browser Extension?

  • Prioritizing alerts: Use Recorded Future’s browser extension over security platforms like a SIEM to instantly understand which indicators are highest risk and require further investigation.
  • Prioritizing vulnerabilities: Use the browser extension over your vulnerability management tool or national vulnerability database to instantly understand which vulnerabilities present the highest risk and require further investigation.
  • Enhancing malware analysis: Overlay Recorded Future’s risk scores on sandbox reports to instantly understand which indicators pose the highest risk and warrant further investigation.
  • Reducing research time: Detect threats 10 times faster with transparent context and risk rules.

Why can’t I see the other risk rules?

Users with an Express license are able to view the top risk rule. Please refer to the differences between the Express and Express Plus licenses here.

Where does the browser extension work?

The browser extension works over most web-based pages, including security blogs, SIEMs, vulnerability scanners, and other security technologies. If you come across a site where the browser extension doesn’t properly work, please let us know by emailing express at recordedfuture.com.

Where doesn’t the browser extension work?

The browser extension is unable to overlay risk scores on PDFs or Google Sheets.

How do I use the browser extension with my SIEM?

The Recorded Future browser extension quickly scans any webpage to identify IPs, hashes, and CVEs. You can choose to display risk scores directly on the page to identify threats and vulnerabilities within a single platform.

Security analysts can use the browser extension in two ways. Overlay risk scores directly on the SIEM page, or view all of the page’s indicators within the browser extension to list their indicators in order of highest to lowest risk score.

How do I upgrade my browser extension license from Express to Express Plus, or another level of Recorded Future subscription?

If your organization has a paid Recorded Future account, contact your Intelligence Services consultant or sales representative.

If your organization does not have a paid Recorded Future account, you can upgrade your browser extension license by contacting our sales team.

Is Recorded Future GDPR compliant?

Yes. Recorded Future is GDPR compliant and a member of EU-U.S. Privacy Shield Framework.

What data does Recorded Future collect?

Users of the Recorded Future browser extension are subject to data collection as outlined in our Privacy Policy.

For questions about how we keep your data secure, see our security FAQ.

Does Recorded Future adhere to secure coding guidelines?

Yes, Recorded Future adheres to secure coding guidelines (including OWASP Secure Coding Practices) that address common software development vulnerabilities.