Recorded Future Sandbox - URL Analysis with Cache - Workflow Template

Submits a URL to Recorded Future Sandbox for full analysis.

Updated over a week ago

This workflow automates URL threat intelligence analysis by using Recorded Future Sandbox together with local caching to optimize performance. When a URL is submitted, the workflow checks whether reputation data for it has been stored in the cache within the past 24 hours, to avoid unnecessary re-analysis. If the data is not cached, the URL is sent for a fresh analysis, and the resulting summary, which includes MITRE TTPs, the malware family, and the observable's type and subtype, is stored in the local cache for future reference. This workflow streamlines the threat intelligence enrichment process, and the caching mechanism ensures efficient use of resources.

Optional Triggers

This workflow is intended to be used as a function.

Use Cases

Function, Threat Intelligence Enrichment

Workflow Breakdown

  1. Receives a URL from a parent workflow.

  2. Looks up global variables to see if the URL's reputation data has been saved in the past 24 hours.

  3. If analysis data is found in the local cache, the saved data is returned to the parent workflow.

  4. When the URL is not found in the cache and there is no previous analysis, the URL is submitted for analysis.

  5. A summary of the analysis data is created and saved with the original API data.
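The five steps above can be sketched in Python as follows. This is an added example, not the template's or the vendor's own code. It assumes an in-memory dictionary in place of Torq global variables, a hypothetical `analyze` callable standing in for the sandbox submission, and a constructed raw report schema (`ttps`, `family`, `type`, `subtype`).

```python
import time
from typing import Callable

CACHE_TTL_SECONDS = 24 * 60 * 60  # the 24-hour window from step 2


def summarize(raw: dict) -> dict:
    """Build the summary fields the page lists from a raw report (assumed schema)."""
    return {
        "mitre_ttps": sorted(set(raw.get("ttps", []))),
        "malware_family": raw.get("family"),
        "type": raw.get("type"),
        "subtype": raw.get("subtype"),
    }


class UrlAnalysisCache:
    def __init__(self, analyze: Callable[[str], dict], clock=time.time):
        self._analyze = analyze  # hypothetical stand-in for the sandbox submission
        self._clock = clock      # injectable so expiry can be exercised offline
        self._store = {}         # url -> (saved_at, summary, raw report)

    def lookup(self, url: str, provide_raw: bool = False) -> dict:
        now = self._clock()
        entry = self._store.get(url)
        if entry is not None and now - entry[0] < CACHE_TTL_SECONDS:
            _, summary, raw = entry          # step 3: fresh cache hit
            cached = True
        else:
            raw = self._analyze(url)         # step 4: miss or stale entry
            summary = summarize(raw)         # step 5: summary saved with raw data
            self._store[url] = (now, summary, raw)
            cached = False
        result = dict(summary, cached=cached)
        if provide_raw:                      # the "Provide Raw Data Analysis" tip
            result["raw"] = raw
        return result


def fake_sandbox():
    """Constructed analyzer that records its calls; not a real vendor response."""
    calls = []
    def analyze(url: str) -> dict:
        calls.append(url)
        return {"ttps": ["T1566", "T1204", "T1566"], "family": "examplefamily",
                "type": "url", "subtype": "phishing"}
    return analyze, calls
```

The sketch keys the cache on the exact URL string, so two spellings of the same URL are analyzed separately.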

Vendors

Utils, Torq, Recorded Future Sandbox

Workflow Output

The output contains a MITRE TTPs summary, the malware family, and the observable's type and subtype as used in Torq Cases.

Tips

Set "Provide Raw Data Analysis" to true or false to include or omit the original vendor information in the output.
