Recorded Future + D3 Smart SOAR
Dynamic Threat Intelligence for Identifying and Disrupting Threats
The Recorded Future Security Intelligence Platform combines analytics with human expertise to unite an unrivaled variety of open source, dark web, technical sources, and original research. D3’s integration with Recorded Future enables automated enrichment of Smart SOAR incidents with precision SecOps intelligence.
Benefits and Capabilities
D3’s integration team takes the burden of integrations off your hands by building, maintaining, and upgrading the best possible connections between tools. We have closely studied Recorded Future to provide a powerful integration that enables seamless incorporation of threat intelligence into automated workflows.
- Enrich Smart SOAR incidents with IP, URL, and file reputations
- Download risk lists from Recorded Future
- Get vulnerabilities and vulnerability risk lists
- Automatically ingest associated analyst notes, correlated IOCs, and ATT&CK TTPs
Use Case
Alert Enrichment and Investigation
Security teams need easy access to threat intelligence to analyze and investigate incidents without wasting time moving between platforms. When an alert is ingested from a SIEM or other alert source, Smart SOAR queries Recorded Future to get all analyst notes and high-fidelity intelligence, including risk scores, IOC reputations, links to related IOCs, MITRE TTP information, and links to known campaigns. Then, the analyst can trigger response actions in the Smart SOAR playbook, such as adding URLs and IPs to blocklists.
- TTP information feeds directly into Smart SOAR’s incident overview area and Monitor Dashboard
- Ingest risk scores, based on Recorded Future’s dynamic, rule-based analysis
- Orchestrate your response across hundreds of integrated tools to quickly shut down active threats
Use Case
Potential Phishing Analysis
When a potential phishing email is escalated to Smart SOAR, either through an email protection system or manually by the recipient, Smart SOAR extracts the sender’s domain, the URL of any links in the message, and any attached files. Smart SOAR can then look up those entities in Recorded Future and reveal any associated malicious activity and analysis. Based on the result, Smart SOAR will then trigger an automated response playbook to block the IP, blacklist the sender, scan endpoints for the malicious file, and orchestrate any other appropriate actions.
- Send URLs and attachments to Recorded Future’s sandbox from the Smart SOAR playbook
- Retrieve sandbox reports as attachments in the Smart SOAR investigation dashboard
- Delete malicious emails from inboxes across the company via integrations with email systems
Why Smart SOAR?
Joint users of Recorded Future and D3 Smart SOAR don’t just get automated threat intelligence enrichment and phishing analysis; they also get the countless other features that make Smart SOAR the leading independent SOAR solution, including:
- Expert-built codeless integrations across the stack
- Tier 1–3 automation, based on deep research into the capabilities of common tools
- The Event Pipeline, which reduces alert volume by up to 98%
- Cross-dimension correlation, which acts across tools, timeframes, TTPs, and artifacts
Recorded Future Integration: Summary
Integrations Done the Right Way
An unlimited number of pre-built integrations, expertly maintained by the largest technical team in security automation. Thoroughly researched, tested and built—and delivered for free. Always.