Synapse-RecordedFuture Changelog

v0.8.1 - 2024-05-15


  • Fix an issue where invalid malware name values were not handled properly.

v0.8.0 - 2024-03-13

Features and Enhancements

  • Update $lib.bytes usage with $lib.axon APIs.

v0.7.0 - 2024-02-20

Features and Enhancements

  • Set the :ext:id and :url properties on media:news nodes created when ingesting analyst notes.

  • Update “sightings” ingest to handle sightings which have no associated URL.

  • Update deprecated $lib.dict() usage to JSON style syntax.

v0.6.0 - 2024-02-06

Features and Enhancements

  • Add recordedfuture.sandbox.setup.fakenet command to define IPv4 ranges to exclude from the ingest for all sandbox commands.

v0.5.1 - 2023-11-01


  • Fix an issue where sandbox results containing flows with no start or end times were not handled correctly.


  • Caching has been removed from the recordedfuture.riskrules, recordedfuture.enrich, recordedfuture.corefs, and recordedfuture.ip.geo commands, so the --asof argument has been deprecated and will no longer have any effect.

This release contains an automatic cache cleanup that will run when the package is first upgraded. This will remove cached API response data from the jsonstor for commands which no longer perform caching.

v0.5.0 - 2023-10-05

Features and Enhancements

  • Add command to search for and ingest analyst notes from Recorded Future.

v0.4.0 - 2023-08-18

Features and Enhancements

  • Add recordedfuture.sandbox.sample.ingest command for ingesting results from a sample by ID.

  • Add power-ups.recordedfuture.sandbox.submit permission to control which users are allowed to submit samples.


  • Fix an issue where URL submissions from the Recorded Future Sandbox were not successfully being ingested.

v0.3.0 - 2023-07-21

NOTE: Recorded Future Sandbox requires a separate API key.

Features and Enhancements

  • Add recordedfuture.sandbox.* commands to support interacting with Recorded Future Sandbox.

  • Add recordedfuture.ip.geo command for enriching IP addresses with VPN and Geographical Information.

  • Add recordedfuture.hunting.rules command for ingesting YARA or Snort rules from Recorded Future Hunting Packages.

  • Add recordedfuture.daily.ransomware command for ingesting Daily Ransomware Roundup articles.

  • Risk rules for the vulnerability type can now be ingested with the recordedfuture.riskrules command.

  • Add vulnerability as a search type for the command.

  • The recordedfuture.enrich and recordedfuture.corefs commands now also accept it:sec:cwe and risk:vuln nodes as input.

  • Add vulnerability searching to the search workflow.

v0.2.0 - 2023-03-29

Features and Enhancements

  • Add commands and workflow for ingesting Recorded Future alerts.

  • Add recordedfuture.feed.c2 command for ingesting C2 feeds.

  • Update CyberVulnerability entity ingest to create risk:vuln nodes for CVEs.

v0.1.1 - 2022-12-07

NOTE: This release is considered Beta and may be subject to change.


  • Fix an issue where nodes added by saving results from the workflow would be linked to new meta:rule nodes rather than the existing rules created by recordedfuture.risk.rules.

v0.1.0 - 2022-11-16

NOTE: This release is considered Beta and may be subject to change.

Features and Enhancements

  • Add command.

  • Update workflow to allow lifting selected entities in the Research Tool.


  • Fix a typo in the recordedfuture.risk.rules command help.

v0.0.1 - 2022-09-30

NOTE: This release is considered Beta and may be subject to change.

Features and Enhancements

  • Initial release of the Synapse-RecordedFuture Power-Up