Recorded Future Custom Connector updates for ThreatQ


POSTED BY JULIAN DEFRONZO

We have made significant changes to ThreatQ’s Recorded Future Custom Connector to support Recorded Future’s new API changes and additional risk lists. By pulling in additional data from the new risk lists, the ThreatQ threat library becomes more robust and allows for greater context and prioritization.


Additional Risk List Support

In addition to the previously supported High Risk IP list, we’ve now added support for all of the remaining Recorded Future Risk Lists including Domain, Hash and Vulnerability.

Domain Risk List – Imports domains as FQDN indicators, along with risk scores and evidence as associated attributes.

Figure 1: FQDN Indicator from Recorded Future

 

Hash Risk List – Imports hashes as their specified algorithm type (SHA-256, MD5, etc.), along with risk scores and evidence as associated attributes.

Figure 2: MD5 Indicator from Recorded Future

 

Vulnerability Risk List – Imports vulnerabilities (CVEs, Microsoft Security Bulletins, Red Hat Security Announcements, etc.) as String indicators, along with risk scores and evidence as associated attributes.

Figure 3: CVE (as String) Indicator from Recorded Future

 

 

Setup

Once you have the new connector installed, simply navigate to Incoming Feeds » ThreatQ Labs to configure the connector settings:

  1. Enter your Recorded Future token
  2. Specify which risk lists you want to poll, in comma-separated format. Valid values are hash, vulnerability, ip, and domain.

Figure 4: Recorded Future Custom Connector Settings
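
The risk list setting and the indicator type mapping described above, as an added Python example that is not ThreatQ's or Recorded Future's code. The entry field names, the attribute names "Risk Score" and "Evidence", the "IP Address" type name, and the trimming and lowercasing of the setting are assumptions; the sample entries are constructed.

```python
# Added example: not ThreatQ or Recorded Future code. Entry fields are constructed.
VALID_RISK_LISTS = ("hash", "vulnerability", "ip", "domain")  # values named in the post

# Indicator type per risk list. FQDN and String come from the post; "IP Address"
# is an assumed name. Hashes take their type from the entry's own algorithm.
FIXED_TYPES = {"domain": "FQDN", "vulnerability": "String", "ip": "IP Address"}


def parse_risk_lists(setting):
    """Validate the comma-separated setting; return the lists in first-seen order."""
    selected, unknown = [], []
    for raw in setting.split(","):
        name = raw.strip().lower()  # trimming and lowercasing are this example's choice
        if not name:
            continue  # ignore empty items such as a trailing comma
        if name not in VALID_RISK_LISTS:
            unknown.append(name)
        elif name not in selected:
            selected.append(name)
    if unknown:
        raise ValueError("unknown risk list(s): " + ", ".join(unknown))
    if not selected:
        raise ValueError("no risk list configured")
    return selected


def to_indicator(risk_list, entry):
    """Turn one risk-list entry into an indicator with score and evidence attributes."""
    if risk_list == "hash":
        ind_type = entry.get("algorithm")
        if not ind_type:  # refuse to guess the hash type from its length
            raise ValueError("hash entry without an algorithm: " + entry["value"])
    else:
        ind_type = FIXED_TYPES[risk_list]
    attributes = [{"name": "Risk Score", "value": entry["risk"]}]
    attributes += [{"name": "Evidence", "value": e} for e in entry["evidence"]]
    return {"value": entry["value"], "type": ind_type, "attributes": attributes}


# Constructed sample entries (not real Recorded Future data).
SAMPLE = {
    "domain": {"value": "bad.example", "risk": 91, "evidence": ["Constructed evidence A"]},
    "hash": {"value": "d41d8cd98f00b204e9800998ecf8427e", "algorithm": "MD5",
             "risk": 70, "evidence": ["Constructed evidence B", "Constructed evidence C"]},
    "vulnerability": {"value": "CVE-0000-0000", "risk": 65, "evidence": []},
}

if __name__ == "__main__":
    for name in parse_risk_lists("hash, vulnerability,domain"):
        print(to_indicator(name, SAMPLE[name]))
```

Rejecting an unknown list name before the first poll surfaces a mistyped setting immediately instead of as a feed that silently imports nothing.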

 

Then rerun the connector to start pulling in the configured risk list data.

To learn more about how ThreatQ and Recorded Future work together, read about Project Honey Maid.

The post Recorded Future Custom Connector updates for ThreatQ appeared first on ThreatQuotient.

About ThreatQuotient
ThreatQuotient™ understands that the foundation of intelligence-driven security is people. The company’s open and extensible threat intelligence platform, ThreatQ, provides defenders with the context, customization and collaboration needed to ensure that intelligence is accurate, relevant and timely to their business. Leading global companies are using ThreatQ as the cornerstone of their threat operations and management system, increasing security effectiveness and efficiency. For more information, visit http://www.threatquotient.com.
