rf-enrich-hash
Query threat information for a single file hash using Recorded Future API.
Syntax
rf-enrich-hash [profile=PROFILE] value=VALUE
- profile=PROFILE
- Optional. Recorded Future connect profile code
- value=VALUE
- Required. File hash to enrich (MD5, SHA1, SHA256)
Output Fields
| Field | Type | Name | Description |
|---|---|---|---|
| entity | String | Entity | File hash |
| entity_type | String | Entity Type | e.g. Hash |
| risk_score | Integer | Risk Score | Overall risk score (0-99) |
| risk_level | Integer | Risk Level | Overall risk level (1-4) |
| c2_score | Integer | C2 Score | C2 context score |
| phishing_score | Integer | Phishing Score | Phishing context score |
| public_score | Integer | Public Score | Public threat score |
| public_rule | String | Public Rule | e.g. Linked to Malware |
| evidences | List | Evidences | Evidence list with keys: signature, rule, level, count, description, mitigation, sightings, timestamp |