• Readme docs for the Connect API moved to a separate section
• Swagger UI for the Connect API, located at https://api.recordedfuture.com/v2/ has been updated to OpenAPI v3

New version of Malware Intelligence API released.

• Add more fields to static report section
• Removed the field dynamic.dumped.name

New version of Malware Intelligence API released.

• Add Auto Sigma support

• Changed max limit for /v1/reports endpoint to 10.

2025-08-11

Added functionality to manage static assets within ASI Projects.

• Bulk Static Asset Management – Added POST/projects/{project_id}/rules/_bulk_static_assets endpoint to add or remove up to 1000 static asset rules in a single request.
• Static Asset Listing – Enhanced GET/projects/{project_id}/rules/static_assets to filter by asset, static_type, membership_type, last_applied_before, and last_applied_after.

New version of Malware Intelligence API released.

• Add query as optional input when creating job, storing it as metadata for the job
• Add editJob endpoint to Auto-Yara

• API documentation moved from api.recordedfuture.com/v2 to api.recordedfuture.com/alert
• Updated URL paths at https://docs.recordedfuture.com to point to new URLs
• All traffic to the old api.recordedfuture.com/v2 Alert endpoints is now redirected to api.recordedfuture.com/alert
• No changes to request or response shapes

2025-06-30

Added Bulk Malware Report alert lookup endpoint to Playbook Alert API.

2025-04-29

Added malware report alert notification endpoint to Playbook Alert API.

New Malware Intelligence API available at https://api.recordedfuture.com/malware-intelligence.

• New field in response on invalid IOCs. More lax validation of IOCs and if any valid ones are present in the request they will be processed. The invalid ones will be returned in a list in the response called dropped.
• Any detections exceeding the default maximum number of detections of 100k burst or ~1 detections/second will also be present in the dropped response.