Skip to main content

Workflow Template: Recorded Future - IP Address Enrichment with Cache

Receive an IP address from a parent workflow and query Recorded Future for its reputation.

Updated today

The "Recorded Future - IP Address Enrichment with Cache" workflow template is designed to enhance threat intelligence by enriching IP addresses with reputation data. It efficiently checks if an IP's reputation has been cached within the last 24 hours, returning cached data if available. If not, it retrieves fresh data from Recorded Future, caches it, and provides a comprehensive analysis. This workflow is ideal for organizations seeking to streamline threat intelligence processes and improve incident response times.

Take Me to the Template

Optional Triggers

["This workflow is intended to be used as a function."]

Use Cases

Function , Threat Intelligence Enrichment

Workflow Breakdown

  1. Trigger the workflow and provide an IP Address.

  2. Lookup global variables to see if IP addresse's reputation has been saved in the past 24 hours.

  3. If reputation is found on local cache, the saved data is returned to the parent workflow.

  4. When no reputation is found cached, a summary of the analysis data is created and saved with the original api data.

Vendors

Utils, Recorded Future, Torq

Workflow Output

Returns full analysis data and a summary of the information.

Tips

  • Set "Provide Raw Data Analysis" to true or false to add or remove original vendor information to the output.

Related Articles
Workflow Template: Recorded Future - Domain Enrichment with Cache
Workflow Template: Recorded Future - URL Enrichment with Cache
Workflow Template: Recorded Future - File Hash Enrichment with Cache
Workflow Template: Pangea - IP Address Enrichment with Cache
Workflow Template: Shodan - IP Address Enrichment with Cache
Did this answer your question?