Skip to main content
All CollectionsTemplatesBasic
Enrich Hashes, CVEs and IP Addresses with Recorded Future - Workflow Template
Enrich Hashes, CVEs and IP Addresses with Recorded Future - Workflow Template

Receive a message with one or more CVEs, SHA256 hashes or suspicious IP addresses from Slack and enrich the data with Recorded Future.

Updated over a week ago

This Torq workflow template is designed to enhance threat intelligence by extracting and enriching potential indicators of compromise (IOCs) from Slack messages. Upon receiving a Slack message with possible CVEs, SHA256 hashes, or suspicious IP addresses, the workflow confirms the provided IOCs with the message sender, then leverages Recorded Future for enrichment details. The results, including any associated risks and intelligence, are subsequently reported back in the Slack thread, providing a seamless and immediate analysis of potential security threats within the communication platform.

Take Me to the Template

Trigger

Slack

Use Cases

Threat Intelligence Enrichment

Workflow Breakdown

  1. Receive Slack message and extract all IOCs

  2. Confirm the extracted IOCs with requesting user

  3. Enrich CVE detail if provided in the event and reply back to the Slack thread

  4. Enrich Hash detail if provided in the event and reply back to the Slack thread

  5. Enrich IP detail if provided in the event and reply back to the Slack thread

  6. Updates to the thread via Slack with intelligence gathered from Recorded Future

Vendors

Slack, Utils, Recorded Future

Workflow Output

Updates to the thread via Slack with intelligence gathered from Recorded Future.

Related Articles
Enrich New Cybereason MalOps File Hash Detail - Workflow Template
Advanced Upload of the Latest Recorded Future IOCs to Cybereason - Workflow Template
Upload Latest Recorded Future IOCs to Cybereason - Workflow Template
Recorded Future - IoC Enrichment - Workflow Template
Recorded Future - File Hash Enrichment with Cache - Workflow Template
Did this answer your question?