Advanced Upload of the Latest Recorded Future IOCs to Cybereason - Workflow Template

Pull the latest hashes, IPs, and domains above a specific risk score from Recorded Future and add them to the Cybereason reputation list.

Updated over 6 months ago

Protect your digital landscape by employing our 'Advanced Upload of the Latest Recorded Future IOCs to Cybereason' workflow template. This workflow enhances your cybersecurity posture by automatically pulling and updating high-risk Indicators of Compromise (IOCs), such as hashes, IP addresses, and domains, from Recorded Future based on defined thresholds. The indicators of each type are assembled into an array using jq and then uploaded to Cybereason with a configurable expiration time, so that your Endpoint Detection and Response (EDR) system can swiftly identify and respond to emerging threats.

Optional Triggers

Webhook, Slack, Microsoft Teams

Use Cases

Endpoint Detection and Response (EDR), Threat Intelligence Enrichment

Workflow Breakdown

  1. Pull the latest IOCs from Recorded Future

  2. For each indicator type (Hash, Domain and IP), build an array with jq to upload to Cybereason

  3. Set an expiration for the IOC on Cybereason based on the time interval set in the Workflow Variables step

Vendors

Utils, HTTP, Cybereason, Recorded Future

Workflow Output

Updated IOCs added to the Cybereason reputation list
