The "Recorded Future - File Hash Enrichment with Cache" workflow template is designed to enhance threat intelligence by analyzing file hashes. It receives a file hash from a parent workflow and checks if its reputation is cached locally. If not, it queries Recorded Future for a comprehensive reputation analysis. This workflow optimizes threat detection by leveraging cached data for efficiency and querying external sources for up-to-date intelligence, making it ideal for security operations seeking to streamline threat assessment processes.
Optional Triggers
This workflow is intended to be used as a function.
Use Cases
Function, Threat Intelligence Enrichment
Workflow Breakdown
Trigger the workflow and provide a file hash.
Look up global variables to see whether the hash reputation has been saved in the past 24 hours.
If the reputation is found in the local cache, the saved data is returned to the parent workflow.
When no cached reputation is found, Recorded Future is queried, and a summary of the analysis data is created and saved with the original API data.
Vendors
Utils, Recorded Future, Torq
Workflow Output
Returns full analysis data and a summary of the information.
Tips
Set "Provide Raw Data Analysis" to true or false to add or remove original vendor information to the output.
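The cache-then-query logic from the Workflow Breakdown and the raw-data toggle from the Tips, sketched in Python as an added example; this is not the template's own implementation. The `lookup` callable, the summary fields, the accepted hash lengths and the sample response are assumptions standing in for the Recorded Future step, whose response schema this page does not show.

```python
import time

CACHE_TTL_SECONDS = 24 * 60 * 60  # the 24-hour window from the workflow breakdown

def normalize_hash(file_hash):
    """Lower-case and validate the hash so one file always maps to one cache key."""
    h = file_hash.strip().lower()
    # Assumption: MD5, SHA-1 and SHA-256 hex digests are the accepted inputs.
    if len(h) not in (32, 40, 64) or any(c not in "0123456789abcdef" for c in h):
        raise ValueError("not an MD5, SHA-1 or SHA-256 hex digest")
    return h

def summarize(raw):
    # Hypothetical summary fields; the vendor's real schema is not on the page.
    return {"risk_score": raw.get("risk_score"), "rule_count": len(raw.get("rules", []))}

def enrich_hash(file_hash, cache, lookup, provide_raw=True, now=None):
    """Return (result, source), where source is "cache" or "vendor"."""
    now = time.time() if now is None else now
    key = normalize_hash(file_hash)
    entry = cache.get(key)
    if entry is None or now - entry["saved_at"] >= CACHE_TTL_SECONDS:
        raw = lookup(key)  # stand-in for the Recorded Future query step
        entry = {"saved_at": now, "summary": summarize(raw), "raw": raw}
        cache[key] = entry  # raw is always stored, so the flag can differ per call
        source = "vendor"
    else:
        source = "cache"
    result = {"hash": key, "summary": entry["summary"]}
    if provide_raw:  # mirrors the "Provide Raw Data Analysis" setting
        result["raw"] = entry["raw"]
    return result, source

def demo():
    calls = []
    def fake_lookup(h):  # constructed response, not real vendor output
        calls.append(h)
        return {"risk_score": 89, "rules": ["constructed rule A", "constructed rule B"]}
    cache, h = {}, "A" * 64  # constructed SHA-256-length value, upper-case on purpose
    t0 = 1_700_000_000
    # First call misses, second hits within 24 hours, third finds the entry expired.
    sources = [enrich_hash(h, cache, fake_lookup, now=t)[1]
               for t in (t0, t0 + 3600, t0 + CACHE_TTL_SECONDS)]
    return sources, len(calls)

if __name__ == "__main__":
    print(demo())
```

Normalizing the hash before the lookup keeps upper-case and lower-case forms of the same digest from producing separate cache entries and duplicate vendor queries.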
