2023_0523 - Third-Party Screenshot

Cisco for Recorded Future

Recorded Future integrates with Cisco XDR to accelerate time to detect and investigate threats.

The Recorded Future integration with Cisco XDR allows you to enrich cyber observables with high-confidence intelligence collected by Recorded Future. It displays the vulnerabilities of a cyber observable, based on the combined evidence from Recorded Future. This integration allows you to query IPv4, IPv6, SHA-1, SHA-256, MD5, domain, and URL data types and it returns verdicts, judgements, indicators, and sightings.

Challenges Overcome through Integration:

This integration with Cisco SecureX enables a user in SecureX to determine the maliciousness of verdicts for an observable, based on combined evidence. The user can then pivot to Recorded Future for broader searching. This integration provides value for both SecureX and Recorded Future. A platform approach confidently tackles the most pressing security operation challenges. This Recorded Future integration for Cisco SecureX provides:

  • Simplicity: Integrate technology together with true turnkey interoperability.
  • Visibility: Accelerate time to detect and investigate threats and maintain contextual awareness.


  • Enables analysts to instantly enrich IOCs in the case record.
  • Tasks to quickly reference the available data and support condition-based subsequent actions.
  • Provide one-off tasks within the case record to avoid the time lost working multiple windows, systems or sites.

Use Cases:

  • From Cisco XDR (UI or Ribbon), query Recorded Future for observables (IP, IPv6, Domain, URL, MD5, SHA1, SHA256) and return verdicts to Cisco XDR threat response, based on the Risk Score.
  • From an Observable, within Cisco XDR threat response (UI or browser ribbon), allow the user to pivot into Recorded Future for additional TI or investigative functions.
Request Meeting