RecordedFuture-Ukraine-IndicatorProcessor
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
[Deprecated] Deprecated due to changes in the Threat Intelligence Platform. Use the new IndicatorImport playbooks that is provided in this Solution. This playbook leverages the Recorded Future API and automatically imports the Ukraine RiskLists, as Threat Intelligence Indicators, for detection purposes in Microsoft Sentinel. This playbook depends on RecordedFuture-ImportToSentinel that need to be installed manually before installing current playbook.
| Attribute | Value |
|---|---|
| Type | Playbook |
| Solution | Recorded Future |
| Source | View on GitHub |
Logic App Connectors
This playbook uses 2 Logic App connectors / built-in actions:
| Connector / Action | Type | Connections | Actions |
|---|---|---|---|
recordedfuture |
Managed | 0 | 4 |
recordedfuturev2 |
Managed | 1 | 0 |
Action parameters (URLs, paths, function IDs)
recordedfuture (Managed)
| Action | Method | Endpoint | Other |
|---|---|---|---|
| Recorded_Future_RiskLists_and_SCF_Download | get | /fusion/files |
— |
| Recorded_Future_RiskLists_and_SCF_Download_2 | get | /fusion/files |
— |
| Recorded_Future_RiskLists_and_SCF_Download_3 | get | /fusion/files |
— |
| Recorded_Future_RiskLists_and_SCF_Download_4 | get | /fusion/files |
— |
Additional Documentation
📄 Source: Deprecated/RecordedFuture-Ukraine-IndicatorProcessor/readme.md
[DEPRECATED]: Use the new RecordedFuture-ThreatIntelligenceImport playbook. Type: Detection Included in Recorded Future Intelligence Solution: Yes
Retrieves the Risk List - Ukraine Threat List of Related IOCs (requires login), and adds the IOCs to the ThreatIntelligenceIndicator table.
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊