Recorded Future - IP Address Enrichment with Cache - Workflow Template

Receive an IP address from a parent workflow and query Recorded Future for its reputation.

Updated over 6 months ago

This Torq workflow template is designed for automating threat intelligence enrichment by assessing the reputation of an IP address. The workflow initially checks for cached reputation data to avoid redundant lookups. If no data is cached, it reaches out to Recorded Future to retrieve the IP address's reputation information, summarizes it, and updates the cache. This ensures efficient use of resources and timely access to threat intelligence for ongoing security analysis and incident response.

Optional Triggers

This workflow is intended to be used as a function.

Use Cases

Function, Threat Intelligence Enrichment

Workflow Breakdown

  1. Trigger the workflow and provide an IP Address.

  2. Look up global variables to see whether the IP address's reputation has been saved in the past 24 hours.

  3. If the reputation is found in the local cache, the saved data is returned to the parent workflow.

  4. When no cached reputation is found, a summary of the analysis data is created and saved with the original API data.
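
The cache-then-query flow in the steps above, sketched in Python as an added example; it is not the Torq template itself and does not call the Recorded Future API. The `lookup` callable, the in-memory store standing in for global variables, and the `risk_score` and `rules` field names are assumptions made for illustration.

```python
import ipaddress
import time

CACHE_TTL_SECONDS = 24 * 60 * 60  # the 24-hour window from step 2


def summarize(raw):
    # Hypothetical summary; field names are assumptions, not a vendor schema.
    return {"risk_score": raw.get("risk_score"), "rule_count": len(raw.get("rules", []))}


class ReputationCache:
    def __init__(self, lookup, now=time.time):
        self._lookup = lookup  # callable(ip_str) -> dict, stands in for the vendor query
        self._now = now        # injectable clock so expiry can be exercised
        self._store = {}       # stands in for the workflow's global variables

    def enrich(self, ip, provide_raw=True):
        # Normalize so equivalent spellings of one address share a cache key,
        # and reject non-IP input (ValueError) before it reaches the vendor.
        key = str(ipaddress.ip_address(ip.strip()))
        entry = self._store.get(key)
        if entry and self._now() - entry["saved_at"] < CACHE_TTL_SECONDS:
            source = "cache"
        else:
            raw = self._lookup(key)
            entry = {"saved_at": self._now(), "summary": summarize(raw), "raw": raw}
            self._store[key] = entry
            source = "vendor"
        result = {"ip": key, "source": source, "summary": entry["summary"]}
        if provide_raw:  # mirrors the "Provide Raw Data Analysis" toggle
            result["raw"] = entry["raw"]
        return result


if __name__ == "__main__":
    # Constructed response; a real workflow would query the vendor here.
    cache = ReputationCache(lambda ip: {"risk_score": 65, "rules": ["r1", "r2"]})
    print(cache.enrich("2001:0DB8:0:0:0:0:0:1"))               # first call: vendor
    print(cache.enrich("2001:db8::1", provide_raw=False))      # same address: cache
```

Normalizing the address before the cache lookup keeps differently formatted copies of one IP from triggering separate vendor queries within the 24-hour window.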

Vendors

Utils, Recorded Future, Torq

Workflow Output

Returns full analysis data and a summary of the information.

Tips

Set "Provide Raw Data Analysis" to true or false to add or remove the original vendor information in the output.
