Demisto Integration | Recorded Future

Demisto Integration



Demisto is a popular Security Orchestration and Automation Response (SOAR) platform.  With it, security teams create standardized, automated, and coordinated responses across their entire security product stack. Playbooks that automate common procedures are enabled by thousands of security actions from a large ecosystem of partners make scalable, accelerated incident response a reality. 

Available Functionality

The Demisto integration includes four actions:

  • IP address reputation lookup
  • Domain reputation lookup 
  • File hash reputation lookup
  • Related entities for an IP address, domain, or file hash




How to enable the integration

The integration is available directly from Demisto (  Enabling the integration requires a valid Recorded Future API token.  Instructions for generating a Recorded Future API token are found on this support page.  

For More Information

More information about this integration, including suggested use cases for enrichment and interactive investigation of complex threats, is available on this blog written by Demisto.