The Intelligence Card page summarizes all the threat information fetched and analyzed by Recorded Future on the selected entity.
You can find the Intelligence Cards of the following entity types:
IP Address
URL
Domain
Hash
Vulnerability
The following section describes the components found in the Intelligence Card page.
The Overview tab summarizes the risk information, including Recorded Future risk score and triggered risk rules of the selected entity.
The top of the Overview tab displays the entity that you have drilled forward from the search results.
Selected Entity¶
The Back to Search option redirects you to the search results page.
Back to Search¶
The Recorded Future option redirects you to Recorded Future’s Intelligence Card.
Recorded Future generates a risk score and specific risk-related content by analyzing the level of risk on the threat information gathered from various sources. It analyzes risks based on its own set of risk rules and threat lists. Each risk rule has a criticality, a criticality label, and a risk score. The risk rule is color-coded by the criticality of the threat.
Criticality Label |
Criticality |
Risk Scores |
Color |
|---|---|---|---|
Very Malicious |
4 |
90-99 |
Red |
Malicious |
3 |
65-89 |
Red |
Suspicious |
2 |
25-64 |
Bright Yellow |
Unusual |
1 |
5-24 |
Light Gray |
No current evidence of risk |
0 |
0 |
Light Gray |
Risk Score and Risk-Related Content¶
The gauze chart displays the risk score of the entity.
The Risk Rules observed widget displays the number of triggered risk rules.
The Criticality Label widget displays the severity level of the risk rule.
The First Reference widget displays the earliest report, and the Latest Reference widget displays the most recent report for the selected field.
The ASN widget displays the autonomous system numbers (ASN), which is a unique identifier of each network on the internet.
The Country widget displays the country from where the threat is reported.
Recorded Future has its own set of risk rules that are triggered on the basis of the risk rule evidence found in different sources. The sources include threat feeds and IP reputation lists, security research blogs, social media posts, paste sites, underground forums, and malware analysis services. You can find the triggered risk rules and their details under the Triggered Risk Rules section.
Triggered Risk Rules¶
The Threat Lists tab consists of the lists created by Recorded Future. It creates the list by analyzing its threat intelligence, and collection of threat lists and the whitelists published in the external community. You can find the threat lists for the selected entity under Threat Lists.
Threat Lists¶
The Recent References tab consists of entity references in external sources. These sources include cyber events, paste sites, social media, information security sources, underground forums, and dark web sources. The Recent References section displays the following information for each reference:
Type
Title
Source
Published
Fragment
URL
Recent References¶
Shodan is a search engine for internet-connected devices that enriches the IP Address and Vulnerability Intelligence Cards with its fetched data. Shodan enriches the IP Address Intelligence Card with the following data:
Country
Organization
Operating system
ISP
Last update date
Autonomous system number (ASN)
Known vulnerabilities
Device use tags
Ports
Shodan also displays the geographic location of an IP address in a map.
Map¶
You can find the enriched data for the IP address under General Information, Tags, and Ports.
Enriched Data for IP Address¶
Shodan enriches the Vulnerability Intelligence Card with fetched data from the Exploit Database. You can find the enriched data under the Exploits section.
Enriched Data for Vulnerability¶