Skip to main content
All CollectionsTemplatesBasic
Recorded Future - File Hash Enrichment with Cache - Workflow Template
Recorded Future - File Hash Enrichment with Cache - Workflow Template

Receive a file hash from a parent workflow and query Recorded Future for its reputation.

Updated over 6 months ago

This Torq workflow template provides an efficient method for threat intelligence enrichment by analyzing the reputation of a file hash. It does so by first checking if the reputation data is cached locally, saving time and resources if the information has been accessed within the past 24 hours. When cached data is unavailable, it queries Recorded Future to retrieve and cache the hash's reputation, ensuring that subsequent requests are rapidly fulfilled. This optimizes the enrichment process as part of a comprehensive cybersecurity strategy.

Optional Triggers

"This workflows is intended to be used as a function."

Use Cases

Function, Threat Intelligence Enrichment

Workflow Breakdown

  1. Trigger the workflow and provide a file hash.

  2. Lookup global variables to see if the hash reputation has been saved in the past 24 hours.

  3. If reputation is found on local cache, the saved data is returned to the parent workflow.

  4. When no reputation is found cached, a summary of the analysis data is created and saved with the original api data.

Vendors

Utils, Recorded Future, Torq

Workflow Output

Returns full analysis data and a summary of the information.

Tips

Set \"Provide Raw Data Analysis\" to true or false to add or remove original vendor information to the output

Did this answer your question?