rf-risk-ip-indicators
Fetch IP risk indicators from Recorded Future.
Syntax
rf-risk-ip-indicators [profile=PROFILE] [list=LIST]
- profile=PROFILE
  - Optional. Recorded Future connect profile code
- list=LIST
  - Optional. Risk list type (default, large, botnet, malwareDelivery, phishingHost, c2, tor)
Output Fields
| Field | Type | Name | Description |
|---|---|---|---|
| profile | String | Profile | Recorded Future connect profile code |
| ip | IP address | IP address | Risky IP address |
| risk_score | Integer | Risk score | Risk score (0-99) |
| risk_string | String | Risk string | Triggered rules / Total rules (e.g., 11/87) |
| evidence_details | List | Evidence details | List of evidence details |