Skip to main content
All CollectionsTemplatesIntermediate
Advanced Upload of the Latest Recorded Future IOCs to Cybereason - Workflow Template
Advanced Upload of the Latest Recorded Future IOCs to Cybereason - Workflow Template

Pull latest Hashes, IPs and Domains above a specific risk score from Recorded Future and add to the Cybereason reputation list.

Updated over a week ago

Protect your digital landscape by employing our 'Advanced Upload of the Latest Recorded Future IOCs to Cybereason' workflow template. This process is designed to enhance your cybersecurity posture by automatically pulling and updating high-risk Indicators of Compromise (IOCs)—such as hashes, IP addresses, and domains—from Recorded Future based on defined thresholds. Each type of indicator is constructed into an array using jq before being uploaded to Cybereason with a configurable expiration time, ensuring that your Endpoint Detection and Response (EDR) system can swiftly identify and respond to emerging threats.

Optional Triggers

Webhook,Slack,"Microsoft Teams"

Use Cases

Endpoint Detection and Response (EDR) , Threat Intelligence Enrichment

Workflow Breakdown

  1. Pull latest IOC's from Recorded Future

  2. For each indicator type(Hash, Domain and IP) build an array with jq to upload to Cybereason

  3. Set an expiration for the IOC on Cybereason based on time interval set in the Workflow Variables step

Vendors

Utils, HTTP, Cybereason, Recorded Future

Workflow Output

Updated IOCs added to the Cybereason reputation list

Did this answer your question?