What Changed

Updated the Recorded Future solution to version 3.2.19 with two primary enhancements: configurable sandbox regions for malware analysis and restructured threat intelligence indicator imports.

Playbook Enhancements

Added a SandboxRegion parameter to the sandbox logic apps, allowing SOC teams to specify which Recorded Future sandbox region receives file submissions:

  • Default: eu (Europe)
  • Available options: us (United States), apj (Asia-Pacific)

This gives deployment flexibility to organizations with data residency requirements or performance optimization needs in different geographic regions.

Threat Intelligence Structure Improvement

Moved Recorded Future evidence details out of the labels field and into external_references in threat intelligence indicator imports. This restructuring improves compliance with STIX standard formatting and enhances indicator metadata organization for downstream analysis tools.
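Downstream rules or tools that read evidence from labels need re-checking after this change. The audit below is an added example, not code from the Recorded Future solution: it flags indicators that still carry evidence-like values in labels and checks external_references entries against the STIX 2.1 field requirements. The sample indicators, the "Recorded Future" source_name value, and the label heuristic are assumptions, since the page does not show the actual payload layout.

```python
import json

MAX_LABEL_LEN = 64  # assumed threshold: STIX labels are meant to be short terms


def label_looks_like_evidence(label):
    """Heuristic (assumption): structured or long text in a label is evidence, not a tag."""
    if len(label) > MAX_LABEL_LEN:
        return True
    try:
        return isinstance(json.loads(label), (dict, list))
    except ValueError:
        return False


def audit_indicator(ind):
    """Return a list of findings for one STIX 2.1 indicator given as a dict."""
    findings = []
    for label in ind.get("labels", []):
        if label_looks_like_evidence(label):
            findings.append("labels: evidence-like value still present")
    for i, ref in enumerate(ind.get("external_references", [])):
        # STIX 2.1: source_name is required, plus at least one of
        # description, url or external_id.
        if not ref.get("source_name"):
            findings.append(f"external_references[{i}]: missing source_name")
        if not any(ref.get(k) for k in ("description", "url", "external_id")):
            findings.append(f"external_references[{i}]: no description, url or external_id")
    return findings


# Constructed sample data; field values are illustrative, not real Recorded Future output.
LEGACY = {
    "type": "indicator", "spec_version": "2.1",
    "pattern": "[domain-name:value = 'example.test']", "pattern_type": "stix",
    "labels": ['{"rule": "constructed rule name", "criticality": 3}'],
}
CURRENT = {
    "type": "indicator", "spec_version": "2.1",
    "pattern": "[domain-name:value = 'example.test']", "pattern_type": "stix",
    "labels": ["malicious-activity"],
    "external_references": [
        {"source_name": "Recorded Future", "description": "constructed rule name (criticality 3)"},
    ],
}
MALFORMED = {"type": "indicator", "external_references": [{"description": "no source"}]}

if __name__ == "__main__":
    for name, ind in (("legacy", LEGACY), ("current", CURRENT), ("malformed", MALFORMED)):
        print(name, audit_indicator(ind))
```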

Documentation Updates

Enhanced sandbox integration documentation with clearer API key guidance, distinguishing between standard Recorded Future API keys and specialized sandbox tokens. Added specific guidance for Enterprise Sandbox users requiring additional authentication tokens.

Affected Files

Solutions/Recorded Future/Playbooks/IndicatorImport/RecordedFuture-Domain-IndicatorImport/azuredeploy.json
Solutions/Recorded Future/Playbooks/IndicatorImport/RecordedFuture-Hash-IndicatorImport/azuredeploy.json
Solutions/Recorded Future/Playbooks/IndicatorImport/RecordedFuture-IP-IndicatorImport/azuredeploy.json
Solutions/Recorded Future/Playbooks/IndicatorImport/RecordedFuture-URL-IndicatorImport/azuredeploy.json
Solutions/Recorded Future/Playbooks/Sandboxing/RecordedFuture-Sandbox_Enrichment-Url/azuredeploy.json
Solutions/Recorded Future/Playbooks/Sandboxing/RecordedFuture-Sandbox_Outlook_Attachment/azuredeploy.json
Solutions/Recorded Future/Playbooks/Sandboxing/RecordedFuture-Sandbox_StorageAccount/azuredeploy.json
Solutions/Recorded Future/Playbooks/Sandboxing/readme.md
Solutions/Recorded Future/Playbooks/readme.md
(packaging artefacts: 3.2.19.zip, ReleaseNotes.md, SolutionMetadata.json, Solution_RecordedFuture.json, mainTemplate.json)