Skip to main content
All CollectionsTemplatesBasic
Recorded Future - IoC Enrichment - Workflow Template
Recorded Future - IoC Enrichment - Workflow Template

Extracts multiple observables from raw text and performs enrichment for each observable on RecordedFuture.

Updated over 6 months ago

This workflow template extracts and enriches indicators of compromise (IoCs) from raw text data for threat intelligence purposes. It identifies observables within the text, such as file hashes, IP addresses, domains, and URLs, and uses Recorded Future to perform an enrichment analysis on each observable, increasing the context and understanding of potential threats. Ideal for incident response teams, the workflow enhances analytical capabilities by providing enriched IoC data in a structured output for improved identification and analysis of security threats.

Optional Triggers

"This workflow is intended to be used as a nested workflow."

Use Cases

Function, Threat Intelligence Enrichment

Workflow Breakdown

  1. Receives raw text and input and extracts multiple observables from it.

  2. Check if extracted observables contains file hashes, ip addressess, domains, or URLs.

  3. For each extracted observables, query Recorded Future for enrichment.

Vendors

Scripting, Utils, Recorded Future, Torq

Workflow Output

A list of analysis results. Each item can contain the original analysis data and a summary.

Tips

Set \"Provide Raw Data Analysis\" to true or false to add or remove original vendor information to the output

Did this answer your question?