rf-enrich-url
Query threat information for a single URL using the Recorded Future API.
Syntax
rf-enrich-url [profile=PROFILE] value=VALUE
- profile=PROFILE: Optional. Recorded Future connect profile code
- value=VALUE: Required. URL to enrich
Output Fields
| Field | Type | Name | Description |
|---|---|---|---|
| entity | String | Entity | URL |
| entity_type | String | Entity Type | Entity type (URL) |
| risk_score | Integer | Risk Score | Overall risk score (0-99) |
| risk_level | Integer | Risk Level | Overall risk level (1-4) |
| c2_score | Integer | C2 Score | C2 context score |
| phishing_score | Integer | Phishing Score | Phishing context score |
| public_score | Integer | Public Score | Public threat score |
| public_rule | String | Public Rule | e.g. Historically Detected Malware Distribution |
| evidences | List | Evidences | Evidence list with keys: signature, rule, level, count, description, mitigation, sightings, timestamp |