Merge pull request #1234 from rpitts-recordedfuture/develop

#1231 Update Recorded Future Analyzer

analyzers/RecordedFuture/README.md

@@ -0,0 +1,27 @@
+This analyzer will return Recorded Future Intelligence for the following datatypes:
+* ip
+* domain
+* fqdn
+* hash
+* url
+
+Enriched observables can display:
+* Risk Summary: Risk Score, Criticality, and link to the Intelligence Card
+* Recorded Future AI Insights
+
+![](assets/RecordedFutureAnalyzerReport.jpg)
+
+* Risk Rules and Evidence Details
+
+![](assets/RiskRulesReport.jpg)
+
+* Technical & Insikt Group Research Links
+
+![](assets/LinksReport.jpg)
+
+* Related Threat Actors
+* Related Attack Vectors
+* Malware Family / Category
+* Related IPs
+* Related Domains
+* Related Hashes

analyzers/RecordedFuture/RecordedFuture.json

@@ -0,0 +1,27 @@
+{
+  "name": "RecordedFuture",
+  "version": "2.0",
+  "author": "Recorded Future",
+  "url": "https://github.com/TheHive-Project/Cortex-Analyzers",
+  "license": "AGPL-V3",
+  "dataTypeList": ["ip", "domain", "fqdn", "hash", "url"],
+  "description": "Enrich IP, Domain, FQDN, URL, or Hash with Recorded Future context:  Risk Score, Risk Details, AI Insights, Links, Threat Actor, Attack Vector, Malware Category / Family, and Related Entities (IPs, Domains, and Hashes)",
+  "command": "RecordedFuture/recordedfuture.py",
+  "baseConfig": "RecordedFuture",
+  "configurationItems": [
+    {
+      "name": "key",
+      "description": "API Token",
+      "type": "string",
+      "multi": false,
+      "required": true
+    }
+  ],
+  "registration_required": true,
+  "subscription_required": true,
+  "service_homepage": "https://www.recordedfuture.com/",
+  "service_logo": {
+    "path": "assets/recordedfuture-logo.png",
+    "caption": "logo"
+  }
+}