# Recorded Future
Recorded Future is the world's largest intelligence company with complete coverage across adversaries, infrastructure, and targets.
## Connect Recorded Future with Devo SOAR
1. Navigate to Automations > Integrations.
2. Search for Recorded Future.
3. Click Details, then the + icon. Enter the required information in the following fields:
   - Label: Connection name.
   - Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com, where hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
   - Verify SSL: Select this option to verify the connecting server's SSL certificate (default is Verify SSL Certificate).
   - X-RFToken: X-RFToken for the Recorded Future API.
4. After you've entered all the details, click Connect.
## Search Playbook Alert
Searches for Playbook Alerts based on filtering conditions supplied in the body. Not specifying a filter for a property means the filter will match a Playbook Alert regardless of the property's value. Only Playbook Alerts matching all specified criteria are included in the response.
### Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
| :--- | :--- | :--- |
| Filters | Jinja-templated JSON containing the filters. Example: '{"from": 0,"limit": 100,"order_by": "created","direction": "asc","entity": ["idn:mail.google.mail.pl"],"statuses": ["New"]}' | Optional |
### Output
JSON containing the following items:
```json
{
  "data": [
    {
      "playbook_alert_id": "task:dasdf-768c-asdf-9c50-1asdfe725",
      "created": "2022-06-18T15:53:17.000Z",
      "updated": "2022-06-18T16:10:00.316Z",
      "status": "New",
      "category": "domain_abuse",
      "priority": "Informational",
      "title": "XYZ",
      "owner_id": "ABC",
      "owner_name": "CNNAME",
      "organisation_id": "uhash:asdf",
      "organisation_name": "CNANAME",
      "owner_organisation_details": {
        "organisations": [
          {
            "organisation_id": "uhash:6asdf",
            "organisation_name": "CNANAME"
          }
        ],
        "enterprise_id": "uhash:random_id",
        "enterprise_name": "random name"
      }
    }
  ],
  "has_error": false,
  "error": null,
  "status": {
    "status_code": "Ok",
    "status_message": "Playbook alert search successful"
  },
  "counts": {
    "returned": 1,
    "total": 1
  }
}
```
## Bulk Domain Abuse Alert Lookup
Perform a detailed lookup of data panels for several alerts at once.
### Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
| :----------------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :------- |
| Playbook Alert Ids | [Jinja-templated](doc:jinja-template) text containing the comma-separated playbook alert Ids. Example: 'task:5efed6bf-76ef-48d1-91f9-3749f3d73532,task:af4d5068-1548-41ae-bdb6-1232393ddf71' | Required |
| Panels | [Jinja-templated](doc:jinja-template) text containing the comma-separated panels. Example: 'status,action,summary,dns,whois,log' | Optional |
### Output
JSON containing the following items:
```json
{
  "status": {
    "status_code": "Ok",
    "status_message": "Playbook alert bulk lookup successful."
  },
  "data": [
    {
      "playbook_alert_id": "task:asdf-0asdff228",
      "panel_status": {
        "entity_id": "idn:asdf.org",
        "entity_name": "asdf.org",
        "entity_criticality": "0",
        "risk_score": 0,
        "context_list": [],
        "targets": [],
        "status": "New",
        "priority": "Informational",
        "created": "2022-06-02T00:40:45.993Z",
        "updated": "2023-01-20T00:22:11.114Z",
        "case_rule_id": "report:asdfE",
        "case_rule_label": "Domain Abuse",
        "owner_id": "uhash:asdf",
        "owner_name": "qwer",
        "organisation_id": "uhash:asdf",
        "organisation_name": "qwer",
        "owner_organisation_details": {
          "organisations": [
            {
              "organisation_id": "uhash:6asdf",
              "organisation_name": "qwer"
            }
          ],
          "enterprise_id": "uhash:asdf",
          "enterprise_name": "qwer"
        }
      },
      "panel_action": [],
      "panel_evidence_summary": {
        "explanation": "Alert was created as a result of a match in the similar domains query",
        "resolved_record_list": [
          {
            "entity": "ip:1.1.1.1",
            "risk_score": 26,
            "criticality": "Medium",
            "record_type": "A",
            "context_list": []
          }
        ],
        "screenshots": [
          {
            "description": "An image associated with the Playbook Alert",
            "image_id": "img:asdf86772easdf2c1c",
            "created": "2022-08-01T00:43:57.015Z"
          }
        ]
      },
      "panel_evidence_dns": {
        "ip_list": [
          {
            "entity": "ip:1.1.1.1",
            "risk_score": 25,
            "criticality": "Medium",
            "record_type": "A",
            "context_list": []
          }
        ],
        "mx_list": [],
        "ns_list": []
      },
      "panel_evidence_whois": {
        "body": [
          {
            "provider": "asdf",
            "entity": "idn:asdf.org",
            "attribute": "attr:whois",
            "value": {
              "privateRegistration": false,
              "status": "clientDeleteProhibited clientRenewProhibited clientTransferProhibited clientUpdateProhibited",
              "nameServers": [
                "idn:asdf.com"
              ],
              "registrarName": "asdf, LLC",
              "createdDate": "2021-01-20T00:00:00.000Z"
            },
            "added": "2023-01-20T00:22:10.947Z"
          }
        ]
      },
      "panel_log": [
        {
          "id": "uuid:asdfdcc3-4236-9f04asdf74b",
          "created": "2022-06-02T00:47:27.619Z",
          "modified": "2022-06-02T00:47:27.619Z",
          "action_priority": "Informational",
          "context": {
            "type": "domain_abuse",
            "changes": [
              {
                "domain": "idn:asdf.org",
                "new": {
                  "status": "",
                  "private_registration": true,
                  "name_servers": [
                    "idn:asdf.com"
                  ],
                  "contact_email": "email:asdf@gqwery.com",
                  "created": "2021-01-20T00:00:00.000Z"
                },
                "removed_contacts": [],
                "added_contacts": [
                  {
                    "type": "administrativeContact",
                    "telephone": "REDACTED FOR PRIVACY",
                    "street1": "REDACTED FOR PRIVACY",
                    "state": "REDACTED FOR PRIVACY",
                    "postal_code": "REDACTED FOR PRIVACY",
                    "organization": "REDACTED FOR PRIVACY",
                    "name": "REDACTED FOR PRIVACY",
                    "country": "REDACTED FOR PRIVACY",
                    "city": "REDACTED FOR PRIVACY"
                  }
                ],
                "type": "whois_change"
              }
            ]
          }
        }
      ]
    }
  ],
  "error": null,
  "has_error": false
}
```
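The following is an added example, not part of the original page or the integration's own code: a downstream playbook step that flattens the bulk lookup output above into one triage record per alert. The function name `triage`, the record field names and the second sample alert are assumptions; the input keys are the ones shown in the output above, and the collected `image_ids` are the values the Screenshot action takes as Image Id.

```python
import json

# Constructed sample: a trimmed copy of the bulk lookup output shown above,
# plus one constructed alert returned without evidence panels (Panels is optional).
SAMPLE = json.loads("""
{
  "status": {"status_code": "Ok", "status_message": "Playbook alert bulk lookup successful."},
  "data": [
    {
      "playbook_alert_id": "task:asdf-0asdff228",
      "panel_status": {"entity_name": "asdf.org", "risk_score": 0,
                       "status": "New", "priority": "Informational"},
      "panel_evidence_summary": {
        "resolved_record_list": [
          {"entity": "ip:1.1.1.1", "risk_score": 26, "criticality": "Medium", "record_type": "A"}],
        "screenshots": [{"image_id": "img:asdf86772easdf2c1c"}]},
      "panel_evidence_dns": {
        "ip_list": [{"entity": "ip:1.1.1.1", "risk_score": 25, "record_type": "A"}],
        "mx_list": [], "ns_list": []},
      "panel_log": [{"context": {"type": "domain_abuse", "changes": [
        {"type": "whois_change", "domain": "idn:asdf.org",
         "new": {"private_registration": true, "name_servers": ["idn:asdf.com"]}}]}}]
    },
    {"playbook_alert_id": "task:constructed-no-panels",
     "panel_status": {"entity_name": "example.test", "risk_score": 0,
                      "status": "New", "priority": "Informational"}}
  ],
  "error": null,
  "has_error": false
}
""")


def triage(output):
    """Flatten a bulk lookup result into one triage record per alert."""
    if output.get("has_error"):
        raise RuntimeError(f"bulk lookup failed: {output.get('error')}")
    records = []
    for alert in output.get("data") or []:
        status = alert.get("panel_status") or {}
        summary = alert.get("panel_evidence_summary") or {}
        dns = alert.get("panel_evidence_dns") or {}
        # The same IP can appear in both panels with different scores; keep the highest.
        ip_risk = {}
        for rec in (summary.get("resolved_record_list") or []) + (dns.get("ip_list") or []):
            ip = rec["entity"].split(":", 1)[-1]
            ip_risk[ip] = max(ip_risk.get(ip, 0), rec.get("risk_score", 0))
        # WHOIS changes recorded in the log panel.
        whois_changes = [
            change
            for entry in alert.get("panel_log") or []
            for change in (entry.get("context") or {}).get("changes") or []
            if change.get("type") == "whois_change"
        ]
        records.append({
            "alert_id": alert["playbook_alert_id"],
            "domain": status.get("entity_name"),
            "priority": status.get("priority"),
            "resolved_ips": sorted(ip_risk),
            "max_ip_risk": max(ip_risk.values(), default=None),
            "whois_private": any((c.get("new") or {}).get("private_registration")
                                 for c in whois_changes),
            "image_ids": [s["image_id"] for s in summary.get("screenshots") or []],
        })
    return records
```

Alerts fetched without the evidence panels still produce a record, with `max_ip_risk` set to `None` and empty lists, so a later step can tell "no data requested" apart from "risk score 0".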
## Detail Domain Abuse Alert Data
Retrieve detailed information about a Domain Abuse Playbook Alert with data grouped into UI-ready panels.
### Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
| :--- | :--- | :--- |
| Playbook Alert Id | Jinja-templated text containing the playbook alert Id. Example: 'task:5efed6bf-76ef-48d1-91f9-3749f3d73532' | Required |
| Panels | Jinja-templated text containing the comma-separated panels. Example: 'status,action,summary,dns,whois,log' | Optional |
### Output
JSON containing the following items:
```json
{
  "status": {
    "status_code": "Ok",
    "status_message": "Playbook alert single lookup successful."
  },
  "data": {
    "playbook_alert_id": "task:asdf-0asdff228",
    "panel_status": {
      "entity_id": "idn:asdf.org",
      "entity_name": "asdf.org",
      "entity_criticality": "0",
      "risk_score": 0,
      "context_list": [],
      "targets": [],
      "status": "New",
      "priority": "Informational",
      "created": "2022-06-02T00:40:45.993Z",
      "updated": "2023-01-20T00:22:11.114Z",
      "case_rule_id": "report:asdfE",
      "case_rule_label": "Domain Abuse",
      "owner_id": "uhash:asdf",
      "owner_name": "qwer",
      "organisation_id": "uhash:asdf",
      "organisation_name": "qwer",
      "owner_organisation_details": {
        "organisations": [
          {
            "organisation_id": "uhash:6asdf",
            "organisation_name": "qwer"
          }
        ],
        "enterprise_id": "uhash:asdf",
        "enterprise_name": "qwer"
      }
    },
    "panel_action": [],
    "panel_evidence_summary": {
      "explanation": "Alert was created as a result of a match in the similar domains query",
      "resolved_record_list": [
        {
          "entity": "ip:1.1.1.1",
          "risk_score": 26,
          "criticality": "Medium",
          "record_type": "A",
          "context_list": []
        }
      ],
      "screenshots": [
        {
          "description": "An image associated with the Playbook Alert",
          "image_id": "img:asdf86772easdf2c1c",
          "created": "2022-08-01T00:43:57.015Z"
        }
      ]
    },
    "panel_evidence_dns": {
      "ip_list": [
        {
          "entity": "ip:1.1.1.1",
          "risk_score": 25,
          "criticality": "Medium",
          "record_type": "A",
          "context_list": []
        }
      ],
      "mx_list": [],
      "ns_list": []
    },
    "panel_evidence_whois": {
      "body": [
        {
          "provider": "asdf",
          "entity": "idn:asdf.org",
          "attribute": "attr:whois",
          "value": {
            "privateRegistration": false,
            "status": "clientDeleteProhibited clientRenewProhibited clientTransferProhibited clientUpdateProhibited",
            "nameServers": [
              "idn:asdf.com"
            ],
            "registrarName": "asdf, LLC",
            "createdDate": "2021-01-20T00:00:00.000Z"
          },
          "added": "2023-01-20T00:22:10.947Z"
        }
      ]
    },
    "panel_log": [
      {
        "id": "uuid:asdfdcc3-4236-9f04asdf74b",
        "created": "2022-06-02T00:47:27.619Z",
        "modified": "2022-06-02T00:47:27.619Z",
        "action_priority": "Informational",
        "context": {
          "type": "domain_abuse",
          "changes": [
            {
              "domain": "idn:asdf.org",
              "new": {
                "status": "",
                "private_registration": true,
                "name_servers": [
                  "idn:asdf.com"
                ],
                "contact_email": "email:asdf@gqwery.com",
                "created": "2021-01-20T00:00:00.000Z"
              },
              "removed_contacts": [],
              "added_contacts": [
                {
                  "type": "administrativeContact",
                  "telephone": "REDACTED FOR PRIVACY",
                  "street1": "REDACTED FOR PRIVACY",
                  "state": "REDACTED FOR PRIVACY",
                  "postal_code": "REDACTED FOR PRIVACY",
                  "organization": "REDACTED FOR PRIVACY",
                  "name": "REDACTED FOR PRIVACY",
                  "country": "REDACTED FOR PRIVACY",
                  "city": "REDACTED FOR PRIVACY"
                }
              ],
              "type": "whois_change"
            }
          ]
        }
      }
    ]
  },
  "error": null,
  "has_error": false
}
```
## Screenshot Related to Domain Abuse Alert
Fetch a screenshot associated with the Domain Abuse alert.
### Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
| :---------------- | :-------------------------------------------------------------------------------------------------------------------------------- | :------- |
| Playbook Alert Id | [Jinja-templated](doc:jinja-template) text containing the playbook alert Id. Example: 'task:5efed6bf-76ef-48d1-91f9-3749f3d73532' | Required |
| Image Id | [Jinja-templated](doc:jinja-template) text containing the image Id. Example: 'img:404basdf-4f23-438c-a27c-aa675asdfda0' | Required |
### Output
JSON containing the following items:
```json
{
  "result": {
    "lhub_file_id": "aiuwehoifsubvixcvuhpoaf"
  },
  "error": null,
  "has_error": false
}
```
## Get Incident Reports
Provides an exposure incident report for a single malware log.
### Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
| :--- | :--- | :--- |
| Body | Jinja-templated text containing the body for the Recorded Future API. Example: 'string' | Required |
### Output
JSON containing the following items:
```json
{
  "count": 0,
  "count_relation": "Equals",
  "has_error": false,
  "error": null,
  "details": {},
  "credentials": []
}
```
## Search Credentials Data
Search credentials data for a set of domains.
### Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
| :--- | :--- | :--- |
| Body | Jinja-templated JSON containing the body for the Recorded Future API. Example: '{"limit": 3}' | Optional |
### Output
JSON containing the following items:
```json
{
  "identities": [],
  "count": 0,
  "error": null,
  "has_error": false
}
```
## Lookup Credentials Data
Look up credentials data for a set of subjects.
### Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
| :--- | :--- | :--- |
| Body | Jinja-templated JSON containing the body for the Recorded Future API. Example: '{"subjects": ["test@example.com"]}' | Required |
### Output
JSON containing the following items:
```json
{
  "identities": [],
  "count": 0,
  "error": null,
  "has_error": false
}
```
## Search IP
Search for an IP address using a variety of filters.
### Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
| :--- | :--- | :--- |
| Filter | Jinja-templated JSON containing the filters for the Recorded Future IP Search API. See https://api.recordedfuture.com/v2/#!/IP/IP_Address_Search. Example: '{"fields": "analystNotes,counts,intelCard", "metadata": "true", "limit": 10}'. | Required |
### Output
JSON containing the following items:
```json
{
  "data": {
    "results": [
      {
        "counts": [
          { "date": "2023-11-27", "count": 3 }
        ],
        "intelCard": "https://app.recordedfuture.com/live/sc/entity/ip%3A20.81.157.149",
        "analystNotes": []
      }
    ],
    "metadata": {
      "entries": {
        "key": "results",
        "label": "Results",
        "type": "list"
      }
    }
  },
  "has_error": false,
  "error": null
}
```
## Search Hash
Search for a hash using a variety of filters.
### Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
| :--- | :--- | :--- |
| Filter | Jinja-templated JSON containing the filters for the Recorded Future Hash Search API. See https://api.recordedfuture.com/v2/#!/Hash/Hash_Search. Example: '{"fields": "analystNotes,counts,intelCard", "metadata": "true", "limit": 10}'. | Required |
### Output
JSON containing the following items:
```json
{
  "data": {
    "results": [
      {
        "counts": [
          { "date": "2023-11-27", "count": 3 }
        ],
        "intelCard": "https://app.recordedfuture.com/live/sc/entity/hash%3A1a927e5be8c58da1fc4245a07831d5d431cdd1a91cd35d2dd0ad62da71cd",
        "analystNotes": []
      }
    ],
    "metadata": {
      "entries": {
        "key": "results",
        "label": "Results",
        "type": "list"
      }
    }
  },
  "has_error": false,
  "error": null
}
```
## Check Hash
Retrieve information about a hash.
### Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
| :--- | :--- | :--- |
| Hash | Jinja-templated text containing the hash | Required |
| Filter | Jinja-templated filters for the Recorded Future hash search API. E.g. 'fields=risk&metadata=false&taggedText=false' | Required |
### Output
JSON containing the following items:
```json
{
  "data": {
    "results": {
      "risk": {
        "criticalityLabel": "Malicious",
        "riskString": "1/71",
        "rules": 1,
        "criticality": 1,
        "riskSummary": "1 of 71 Risk Rules currently observed.",
        "score": 5
      }
    }
  },
  "has_error": false,
  "error": null
}
```
## Check URL
Retrieve information about a URL.
### Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
| :--- | :--- | :--- |
| URL | Jinja-templated text containing the URL | Required |
| Filter | Jinja-templated filters for the Recorded Future URL search API. E.g. 'fields=risk&metadata=false&taggedText=false' | Required |
### Output
JSON containing the following items:
```json
{
  "data": {
    "results": {
      "traceId": "624b58c3-32bf-47e7-94e8-cf7f40df5e"
    }
  },
  "has_error": false,
  "error": null
}
```
## Identity Novel Exposures
Retrieve detailed information about an Identity Novel Exposures Playbook Alert with data grouped into UI-ready panels.
### Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
| :--- | :--- | :--- |
| Playbook Alert Id | Jinja-templated text containing the playbook alert Id. Example: 'task:5efed6bf-76ef-48d1-91f9-3749f3d73532' | Required |
| Panels | Jinja-templated text containing the comma-separated panels. Example: 'status,action,summary,dns,whois,log' | Optional |
### Output
JSON containing the following items:
```json
{
  "status": {
    "status_code": "Ok",
    "status_message": "Playbook alert single lookup successful."
  },
  "data": {
    "playbook_alert_id": "task:fc441-b017-42a6-b8a4-0adad126541c",
    "panel_status": {
      "status": "New",
      "priority": "Moderate",
      "created": "2023-10-04T07:10:45.461Z",
      "updated": "2023-10-04T07:11:25.705Z",
      "case_rule_id": "report:p6nvD-",
      "case_rule_label": "Cyber Vulnerability",
      "owner_id": "uhash:09876",
      "owner_name": "TEST",
      "organisation_id": "uhash:test",
      "organisation_name": "TEST",
      "owner_organisation_details": {
        "organisations": [
          {
            "organisation_id": "uhash:test",
            "organisation_name": "TEST"
          }
        ],
        "enterprise_id": "uhash:test",
        "enterprise_name": "TEST"
      },
      "entity_id": "rzl3",
      "entity_name": "CVE3-35359",
      "entity_criticality": "Medium",
      "risk_score": 33,
      "lifecycle_stage": "Exploit Likely",
      "targets": [
        { "name": "Microsoft Windows Server 2019" }
      ]
    },
    "panel_evidence_summary": {
      "summary": {
        "targets": [
          { "name": "Microsoft Windows Server 2019" }
        ],
        "lifecycle_stage": "Exploit Likely",
        "risk_rules": [
          {
            "rule": "Likely Historical Exploit Development",
            "description": "1 sighting on 1 source: CTCI Intelligence and Research. This vulnerability is flagged as likely to be exploited soon based on intelligence received on October 04, 2023."
          }
        ]
      },
      "affected_products": [
        { "name": "Microsoft Windows 10 1607 10.0.14393.4169 on X86" }
      ],
      "insikt_notes": [
        {
          "id": "doc:tE6hDp",
          "title": "Summary note for CVE-2023-35359",
          "published": "2023-10-20T21:05:53.378Z",
          "topic": "Informational",
          "fragment": "Core impact has added this exploit to their toolset. Several criminal groups use pirated copies of the software. The intelligence was collected from publicly available sources. Naa. A public PoC was validated for this vulnerability. The Admiralty score was A1."
        }
      ]
    },
    "panel_log": [
      {
        "id": "uuid:32b9c166-ff6d-49b2-90cd-ae4bdacbc360",
        "created": "2023-10-04T07:11:25.705Z",
        "modified": "2023-10-04T07:11:25.705Z",
        "action_priority": "Moderate",
        "context": {
          "type": "cyber_vulnerability",
          "changes": []
        }
      }
    ],
    "panel_log_v2": [
      {
        "id": "uuid:32b9c166-ff6d-49b2-90cd-ae4bdacbc360",
        "created": "2023-10-04T07:11:25.705Z",
        "changes": []
      }
    ]
  },
  "has_error": false,
  "error": null
}
```
## Code Repo Leakage
Retrieve detailed information about a Code Repository Leakage Playbook Alert with data grouped into UI-ready panels.
### Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
| :--- | :--- | :--- |
| Playbook Alert Id | Jinja-templated text containing the playbook alert Id. Example: 'task:5efed6bf-76ef-48d1-91f9-3749f3d73532' | Required |
| Panels | Jinja-templated text containing the comma-separated panels. Example: 'status,action,summary,dns,whois,log' | Optional |
### Output
JSON containing the following items:
```json
{
  "status": {
    "status_code": "Ok",
    "status_message": "Playbook alert bulk lookup successful."
  },
  "data": [
    {
      "playbook_alert_id": "task:cf201020-16e0-4b3b-a421-8afeaac12d43",
      "panel_status": {
        "status": "New",
        "priority": "Moderate",
        "assignee_name": "Name",
        "assignee_id": "uhash:id",
        "created": "2024-01-15T23:40:14.778Z",
        "updated": "2024-01-15T23:42:48.231Z",
        "case_rule_id": "report:id",
        "case_rule_label": "Data Leakage on Code Repository",
        "owner_id": "uhash:id",
        "owner_name": "Name",
        "organisation_id": "uhash:id",
        "organisation_name": "Name",
        "owner_organisation_details": {
          "organisations": [
            { "organisation_id": "uhash:id", "organisation_name": "Name" }
          ],
          "enterprise_id": "uhash:id",
          "enterprise_name": "Name"
        },
        "entity_id": "url:https://github.com/SueMcMetzger/MachineLearning",
        "entity_name": "https://github.com/SueMcMetzger/MachineLearning",
        "entity_criticality": "",
        "risk_score": 0,
        "targets": [
          { "name": "Name Inc" }
        ]
      },
      "panel_evidence_summary": {
        "repository": {
          "id": "url:https://github.com/SueMcMetzger/MachineLearning",
          "name": "https://github.com/SueMcMetzger/MachineLearning",
          "owner": { "name": "SueMcMetzger" }
        },
        "evidence": [
          {
            "assessments": [
              { "id": "attr:possibleKeyLeak", "title": "Possible Key Leak", "value": "env" },
              { "id": "attr:watchListEntityMention", "title": "Watch List Entity Mention", "value": "Name Inc" }
            ],
            "targets": [
              { "name": "Name Inc" }
            ],
            "url": "https://github.com/SueMcMetzger/MachineLearning/commit/6dcf0c646d5",
            "content": "comment",
            "published": "2024-01-15T23:35:47.826Z"
          }
        ]
      },
      "panel_log": [
        {
          "id": "uuid:id",
          "created": "2024-01-15T23:42:08.135Z",
          "modified": "2024-01-15T23:42:08.135Z",
          "action_priority": "Moderate",
          "context": {
            "type": "code_repo_leakage",
            "changes": [
              {
                "added": [
                  {
                    "assessments": [
                      { "id": "attr:possibleKeyLeak", "level": 2, "title": "Possible Key Leak", "text_indicator": "env" },
                      { "id": "attr:watchListEntityMention", "level": 0, "title": "Watch List Entity Mention", "entity": "I3ZDfr" }
                    ],
                    "document_content": {
                      "id": "doc:uKG2Aq",
                      "tagged_content": "Tag content",
                      "content": "content",
                      "url": "url:url",
                      "owner": "WbzWXK",
                      "published": "2024-01-15T23:35:47.824Z"
                    },
                    "ontology": [
                      {
                        "path": [
                          { "attribute": "attr:Event.entities", "entity": "I3ZDfr" },
                          { "attribute": "attr:Entity.lists", "entity": "report:dfeB3b" }
                        ]
                      }
                    ],
                    "target_entities": [ "I3ZDfr" ],
                    "watch_lists": [ "report:dfeB3b" ]
                  }
                ],
                "type": "evidence_changes"
              }
            ]
          }
        }
      ],
      "panel_log_v2": [
        {
          "id": "uuid:id",
          "created": "2024-01-15T23:42:08.135Z",
          "changes": [
            {
              "added": [
                {
                  "assessments": [
                    { "id": "attr:possibleKeyLeak", "level": 2, "title": "Possible Key Leak", "text_indicator": "env" },
                    {
                      "id": "attr:watchListEntityMention",
                      "level": 0,
                      "title": "Watch List Entity Mention",
                      "entity": { "id": "I3ZDfr", "name": "Name Inc", "type": "Company" }
                    }
                  ],
                  "document": {
                    "id": "doc:uKG2Aq",
                    "content": "coment",
                    "owner_id": "WbzWXK",
                    "published": "2024-01-15T23:35:47.824Z"
                  },
                  "target_entities": [
                    { "id": "I3ZDfr", "name": "Name Inc", "type": "Company" }
                  ],
                  "watch_lists": [
                    { "id": "report:dfeB3b" }
                  ]
                }
              ],
              "type": "evidence_change"
            }
          ]
        }
      ]
    }
  ],
  "error": null,
  "has_error": false
}
```
## Vulnerability Check
Retrieve detailed information about a Vulnerability Playbook Alert with data grouped into UI-ready panels.
### Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
| :--- | :--- | :--- |
| Playbook Alert Id | Jinja-templated text containing the playbook alert Id. Example: 'task:5efed6bf-76ef-48d1-91f9-3749f3d73532' | Required |
| Panels | Jinja-templated text containing the comma-separated panels. Example: 'status,action,summary,dns,whois,log' | Optional |
### Output
JSON containing the following items:
```json
{
  "status": {
    "status_code": "Ok",
    "status_message": "Playbook alert single lookup successful."
  },
  "data": {
    "playbook_alert_id": "task:fa-8d8e-4346-a3a-fd8e7a4d",
    "panel_status": {
      "status": "New",
      "priority": "Moderate",
      "created": "2024-01-01T12:00:50.767Z",
      "updated": "2024-01-01T12:00:50.767Z",
      "case_rule_id": "report:tS",
      "case_rule_label": "Novel Identity Exposure",
      "owner_id": "uhash:test",
      "owner_name": "TEST",
      "organisation_id": "uhash:test",
      "organisation_name": "Test",
      "owner_organisation_details": {
        "organisations": [
          {
            "organisation_id": "uhash:test",
            "organisation_name": "TEST"
          }
        ],
        "enterprise_id": "uhash:test",
        "enterprise_name": "TEST"
      },
      "entity_id": "email@TEST.com",
      "entity_name": "test",
      "targets": [
        {
          "name": "test"
        }
      ]
    },
    "panel_evidence_summary": {
      "subject": "test",
      "authorization_url": "test",
      "exposed_secret": {
        "type": "clear",
        "effectively_clear": true,
        "hashes": [
          {
            "algorithm": "SHA1",
            "hash": "8be3c943b1609fffbfc51aad666dc9d"
          },
          {
            "algorithm": "SHA256",
            "hash": "e7cf3ef4f17c399902bd38ec221a"
          },
          {
            "algorithm": "NTLM",
            "hash": "a4fab6824ee7c30fd852"
          },
          {
            "algorithm": "MD5",
            "hash": "dc647e212b3964"
          }
        ],
        "details": {
          "properties": [
            "Letter",
            "UpperCase",
            "LowerCase",
            "AtLeast8Characters"
          ],
          "clear_text_hint": "Pa"
        }
      },
      "compromised_host": {
        "exfiltration_date": "2024-01-01T02:05:36.000Z",
        "os": "Windows 10 (10.0.22621)",
        "os_username": "arunk",
        "computer_name": "HP"
      },
      "malware_family": {
        "id": "nlflWX",
        "name": "Lumma"
      },
      "infrastructure": {
        "ip": "243.132.143.222"
      }
    },
    "panel_log": [],
    "panel_log_v2": []
  },
  "error": null,
  "has_error": false
}
```
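The sample output above carries credential-exposure evidence (`exposed_secret`, `compromised_host`, `malware_family`). The following is an added example, not part of the original page or the integration's own code, showing how a playbook step could strip secret material before the alert is copied into a ticket and pick follow-up actions from the same fields. The function names, the action labels and the response policy are assumptions; the sample values are constructed placeholders.

```python
import copy

# Constructed sample: the panel_evidence_summary fields from the output above,
# with placeholder values in place of real hashes and host details.
SAMPLE_SUMMARY = {
    "subject": "test",
    "authorization_url": "test",
    "exposed_secret": {
        "type": "clear",
        "effectively_clear": True,
        "hashes": [{"algorithm": "SHA1", "hash": "<placeholder>"},
                   {"algorithm": "NTLM", "hash": "<placeholder>"}],
        "details": {"properties": ["Letter", "AtLeast8Characters"],
                    "clear_text_hint": "Pa"},
    },
    "compromised_host": {"exfiltration_date": "2024-01-01T02:05:36.000Z",
                         "os": "Windows 10 (10.0.22621)",
                         "os_username": "user", "computer_name": "HOST"},
    "malware_family": {"id": "nlflWX", "name": "Lumma"},
    "infrastructure": {"ip": "243.132.143.222"},
}


def redact_for_ticket(summary):
    """Return a copy with secret material removed; the input is left untouched."""
    safe = copy.deepcopy(summary)
    secret = safe.get("exposed_secret") or {}
    # Keep which hash algorithms were seen, never the hash values themselves.
    secret["hash_algorithms"] = sorted(h["algorithm"] for h in secret.pop("hashes", []))
    # The clear-text hint leaks part of the password, so drop it as well.
    (secret.get("details") or {}).pop("clear_text_hint", None)
    return safe


def response_actions(summary):
    """Hypothetical response policy keyed on the fields in this output."""
    secret = summary.get("exposed_secret") or {}
    actions = []
    if secret.get("type") == "clear" or secret.get("effectively_clear"):
        # The password itself is known to whoever holds the log.
        actions += ["reset_password", "revoke_sessions"]
    elif secret.get("hashes"):
        actions.append("reset_password")
    if summary.get("compromised_host"):
        # Credentials taken from a host imply malware running on that machine.
        actions.append("isolate_host")
    return actions
```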
## Release Notes
### v1.2.2
- Added 6 new actions: Identity Novel Exposures Bulk, Identity Novel Exposures, Code Repo Leakage Bulk, Code Repo Leakage, Vulnerability Check Bulk and Vulnerability Check.
### v1.2.1
- Added 7 new actions: Search IP, Search HASH, Search URL, Check IP, Check HASH, Check URL and Check Domain.
### v1.1.11
- Updated architecture to support IO via filesystem.
### v1.1.9
- Added Pagination support in Search Credentials Data action.
### v1.1.2
- Added 6 new actions: Get Incident Reports, Lookup Password for Exposure, Search Credentials Data, Malware Family Statistics, Lookup Credentials Data and Search Dump Metadata.
### v1.0.1
- Added 4 new actions: Search Playbook Alert, Bulk Domain Abuse Alert Lookup, Detail Domain Abuse Alert Data and Screenshot Related to Domain Abuse Alert.