FAQ (Browser Extension) | Recorded Future
See Intelligence-Led Security In Action Attend a Live Product Demo

Recorded Future Browser Extension
Frequently Asked Questions


What are the license options available for Recorded Future’s browser extension?

Express is our free license level for the browser extension. It provides users with high-level indicator data, including dynamic risk scores and the top risk rule subject to Recorded Future’s Terms of Use and other conditions upon sign-up.

Paid Recorded Future licenses include the same features of the browser extension. In addition, these licenses provide users with detailed context and evidence about each of the indicators on any webpage.

What is a risk score?

Risk scores are based on a set of risk rules. Each indicator type has a distinct set of risk rules.

Recorded Future’s real-time risk scores highlight the severity level associated with the indicator being researched. This helps analysts quickly and confidently reach a verdict or risk assessment for their environment.

Recorded Future generates risk scores by combining information from across the web, our proprietary data sources, and industry-leading research from our Insikt Group. This includes unstructured text, threat feeds and other technical threat data.

The overall risk score is a number between 0 and 99, determined by which rules are currently triggered. The highest severity level associated with an indicator determines the base score:

  • Very malicious: 90
  • Malicious: 65
  • Suspicious: 25
  • Unusual: 5

What is a risk rule?

Recorded Future’s risk scores are based on a set of risk rules for each indicator type. Recorded Future’s browser extension has risk rules for the following indicator types:

  • IP address
  • Domain
  • URL
  • Hash
  • Vulnerability

Risk rules are assigned a level of severity, which factors into the overall risk score. These rules continue to evolve as Recorded Future adds data and analytics sources.

What are the use cases for the Recorded Future Browser Extension?

  • Prioritizing alerts: Use Recorded Future’s browser extension over security platforms like a SIEM to instantly understand which indicators are highest risk and require further investigation.
  • Prioritizing vulnerabilities: Use the browser extension over your vulnerability management tool or national vulnerability database to instantly understand which vulnerabilities present the highest risk and require further investigation.
  • Enhancing malware analysis: Overlay Recorded Future’s risk scores on sandbox reports to instantly understand which indicators pose the highest risk and warrant further investigation.
  • Reducing research time: Detect threats 10 times faster with transparent context and risk rules.

Why can’t I see the other risk rules?

Users with an Express license are able to view only the top risk rule. Paid users see all risk rulse.

Where does the browser extension work?

The browser extension works over most web-based pages, including security blogs, PDFs and other local files, SIEMs, vulnerability scanners, and other security technologies. If you come across a site where the browser extension doesn’t properly work, please let us know by emailing express at recordedfuture.com.

Where doesn’t the browser extension work?

The browser extension is unable to overlay risk scores on Google Sheets.

How do I use the browser extension with my SIEM?

The Recorded Future browser extension quickly scans any webpage to identify IPs, domains, URLs, hashes, and CVEs. You can choose to display risk scores directly on the page to identify threats and vulnerabilities within a single platform.

Security analysts can use the browser extension in two ways. Overlay risk scores directly on the SIEM page, or view all of the page’s indicators within the browser extension to list their indicators in order of highest to lowest risk score.

How do I upgrade my browser extension license from Express to the paid version??

If your organization has a paid Recorded Future account, contact your Intelligence Services consultant or sales representative.

If your organization does not have a paid Recorded Future account, you can upgrade your browser extension license by contacting our sales team.

Is Recorded Future GDPR compliant?

Yes. Recorded Future is GDPR compliant and a member of EU-U.S. Privacy Shield Framework.

What data does Recorded Future collect?

Users of the Recorded Future browser extension are subject to data collection as outlined in our Privacy Policy.

For questions about how we keep your data secure, see our security FAQ.

Does Recorded Future adhere to secure coding guidelines?

Yes, Recorded Future adheres to secure coding guidelines (including OWASP Secure Coding Practices) that address common software development vulnerabilities.