Recorded Future Intelligence Cloud Modules

Details for the user seat and API access for Recorded Future's Intelligence Cloud Modules

Brand Intelligence

Includes:*

  • Support for 1000 Logo hashes

*Additional quantities may be purchased

 Module
  • Access for up to 4 users.
  • Support for 100 executives within executive impersonation monitoring
  • Support for 1 Company Logo curation
  • Support for 1 Company Name within company impersonation monitoring
Team
  • Access for up to 10 users.
  • Support for 250 executives within executive impersonation monitoring
  • Support for 5 Company Logos curation
  • Support for 5 Company Names within company impersonation monitoring
Team Expansion Access for an additional 10 users
Company
  • Access for up to 100 users.
  • Support for 500 executives within executive impersonation monitoring
  • Support for 10 Company Logos curation
  • Support for 10 Company Names within company impersonation monitoring
Threat Intelligence Module Access for up to 2 users.
Team Access for up to 5 users.
Team Expansion Access for an additional 5 users
Company Access for up to 30 users.
SecOps Intelligence Module Access for up to 10 users.
Team Access for up to 50 users and one (1) integration listed here.
Team Expansion Access for an additional 50 users
Company Access for up to 250 users and one (1) integration listed here.
Geopolitical Intelligence Module Access for up to 2 users.
Team Access for up to 5 users.
Team Expansion Access for an additional 5 users
Company Access for up to number of users as outlined within the Terms and Conditions.
Vulnerability Intelligence Module Access for up to 4 users.
Team Access for up to 10 users.
Team Expansion Access for an additional 10 users
Company Access for up to 100 users.
Identity Intelligence Access for up to the number of identities listed on the order form.
Third Party Intelligence Access for up to the number of companies listed on the order form.
Attack Surface Intelligence Company Access for up to 10 users and 5 projects


Integration Category D - Includes access to Indicator-of-Compromise enrichment, Alert, Analyst Notes, and Advanced APIs according to purchased Modules

Integration Category E - Includes access to Risk List and Indicator-of-Compromise Enrichment endpoints as detailed below (subject to purchased module support)

API Definitions

The following endpoints are considered individual API endpoints which may be licensed upon request.

Risk Lists

  • Risk lists, Security Control Feeds, and Fusion Files including the /IP/risklist, /Domain/risklist, /URL/risklist, /Hash/risklist, /Vulnerability/risklist, and /Fusion/files endpoints

Indicator-of-Compromise

  • Connect API - IP enrichment - The endpoints found at api.recordedfuture.com/v2/ip which can be used for enriching IP addresses with risk information from the Recorded Future Platform. Requires subscription to Brand Intelligence, SecOps Intelligence, or Threat Intelligence as well.
  • Connect API - Domain enrichment - The endpoints found at api.recordedfuture.com/v2/domain which can be used for enriching domain names with risk information from the Recorded Future Platform. Requires subscription to Brand Intelligence, SecOps Intelligence, or Threat Intelligence as well.
  • Connect API - Vulnerability enrichment - The endpoints found at api.recordedfuture.com/v2/vulnerability which can be used for enriching vulnerabilities with risk information from the Recorded Future Platform. Requires subscription to Vulnerability Intelligence as well.
  • Connect API - Companies - The endpoints found at api.recordedfuture.com/v2/company which can be used for enriching companies and organizations with risk information from the Recorded Future Platform. Requires subscription to the Third Party Intelligence Module as well.
  • Connect API - Hash Enrichment - The endpoints found at api.recordedfuture.com/v2/hash which can be used for enriching file hashes with risk information from the Recorded Future Platform. Requires subscription to SecOps Intelligence or Threat Intelligence as well.
  • Connect API - Malware - The endpoints found at api.recordedfuture.com/v2/malware which can be used for enriching malware families with risk information from the Recorded Future Platform. Requires subscription to SecOps Intelligence or Threat Intelligence as well.
  • Connect API - SOAR - The endpoints found at api.recordedfuture.com/v2/soar which can be used for bulk enriching indicators with risk information from the Recorded Future Platform. Requires subscription to SecOps Intelligence or Threat Intelligence as well.
  • Connect API - URL Enrichment - The endpoints found at api.recordedfuture.com/v2/url which can be used for enriching URLs with risk information from the Recorded Future Platform. Requires subscription to Brand Intelligence, SecOps Intelligence, or Threat Intelligence as well.

Alert

  • Connect API Alert API - The endpoints found at api.recordedfuture.com/v2/alerts which can be used for accessing and updating Alerts (excluding playbook Alerts). Requires subscription to the Module which generates that Alert (i.e. Brand Intelligence for typosquat, Threat Intelligence for custom alert, etc).
  • Playbook Alert API - The endpoints found at api.recordedfuture.com/openapi/playbook-alert.html which can be used to access generated Alerts and update Alerts. Requires subscription to the Module which generates that alert (i.e. Brand Intelligence for Domain Abuse, Vulnerability Intelligence for Vulnerability Alert, etc).

Analyst Notes

  • Connect API Analyst Note API - The endpoints found at api.recordedfuture.com/v2/analystnote which can be used for accessing and submitting analyst notes within your enterprise or accessing Insikt notes which you are licensed for. Note that access to Insikt Notes vs enterprise-specific Analyst Notes are licensed separately.

Advanced APIs

  • Detection Rule API - The endpoints found at api.recordedfuture.com/openapi/detection-rule.html and api.recordedfuture.com/openapi/detection-rule-relation.html which be used for downloading Insikt-written Yara, Sigma, and Snort rules. Requires subscription to SecOps Intelligence or Threat Intelligence as well.
  • Links API - The endpoints found at api.recordedfuture.com/openapi/links.html which can be used for finding technical and Insikt links between entities. Requires subscription to SecOps Intelligence or Threat Intelligence as well.
  • Attack Surface Intelligence Inventory API - The endpoints found at https://docs.securitytrails.com/docs/how-to-use-the-sql-api which can be used to access a series of assets matching the submitted SQL query based on the Hosts and IP asset properties in Surface Browser.

Additional APIs which are licensed as part of their module

  • Attack Surface Intelligence Risk Rule API - The endpoints found at https://docs.securitytrails.com/docs/how-to-use-the-risks-api which can be used to get risk information from your project’s assets for which security issues have been found.
  • Sandbox API - The endpoints under private.tria.ge/api/v0, sandbox.recordedfuture.com/api/v0, or us-sandbox.recordedfuture.com/api/v0 which can be used for submitting files and urls for malware analysis and to obtain the analysis results. This API is included for all customers with SecOps Intelligence or Threat Intelligence Modules as well as the Enterprise Sandbox.
  • Identity API - The endpoints under api.recordedfuture.com/openapi/identity.html. This API is licensed as part of the Identity Intelligence Module only.
  • List API - The endpoints found at api.recordedfuture.com/openapi/list.html which can be used for managing lists within the Recorded Future Platform. List API access is provided to all customers without the need for an additional API license.
  • Entity match API - The endpoints found at api.recordedfuture.com/openapi/entity-match.html which can be used to find Recorded Future entity identifiers for any given named string. This API is included with all API purchases and does not count towards the licensed API counts.