Agent Integration Guide

CrewAI Memory Integration

Give your CrewAI analyst agents persistent CTI memory. They'll query ThreatRecall's knowledge graph mid-task, remember what they found across turns, and produce richer investigations.

Time: ~10 minutes
Works with: CrewAI Python 0.3+
Prereqs: CrewAI installed, API key ready

What you'll need

  • Python 3.9 or later
  • CrewAI installed (pip install crewai)
  • A ThreatRecall API key from your dashboard
  • Some data in your ThreatRecall workspace (actors, CVEs, or IOCs)

Step-by-step setup

Step 1
Install the ThreatRecall adapter

Install the Python adapter in your project.

Terminal
pip install @threatrecall/langchain-adapter

The adapter is installed and can now be imported in your Python scripts.

Step 2
Wire ThreatRecall as CrewAI memory

Import the retriever and wire it as your agent's memory backend.

File: crew_setup.py
from crewai import Agent, Crew, Task
from threatrecall_langchain import ThreatRecallMemoryRetriever

# Configure the retriever with your workspace credentials
memory_retriever = ThreatRecallMemoryRetriever(
    api_key="your_api_key_here",
    workspace_url="https://app.threatrecall.ai",
    top_k=5,
    min_confidence=0.3,
)

The retriever is configured. Now create your analyst agent that uses it.

Step 3
Define your analyst agent

Create a CrewAI agent with ThreatRecall as its primary source of CTI knowledge.

File: crew_setup.py (continued)
analyst = Agent(
    role="Senior Threat Intelligence Analyst",
    goal="Deliver accurate, evidence-backed threat assessments",
    backstory="You are a SOC analyst with years of experience correlating CTI data.",
    verbose=True,
    memory=True,  # Enable agent memory
    tools=[],  # Will use ThreatRecall via the retriever below
)

# Attach the retriever to the agent — CrewAI calls this on every turn
analyst.retriever = memory_retriever

Your analyst agent is configured. It will query ThreatRecall on each task and accumulate findings in memory across multiple turns.

Step 4
Create an investigation task

Define a task that asks the agent to use ThreatRecall for real intelligence work.

File: crew_setup.py (continued)
investigation = Task(
    description="Research all known threat actors exploiting CVE-2021-44228 (Log4Shell). "
                "For each actor, identify their TTPs, associated campaigns, and any IOCs. "
                "Use ThreatRecall to retrieve the relevant data.",
    agent=analyst,
    expected_output="A structured report with actor names, TTPs, campaigns, and IOCs.",
)

# Run the crew
crew = Crew(agents=[analyst], tasks=[investigation])
result = crew.kickoff()

print(result)

The crew runs the investigation task. The agent queries ThreatRecall's knowledge graph, retrieves relevant actors and relationships, and compiles them into the report.

Step 5
Run your first investigation

Run the script and watch the agent work.

Terminal
python crew_setup.py

The agent queries ThreatRecall, finds relevant CTI in your workspace, and generates a structured report. If no results appear, verify your workspace has Log4Shell-related data.

Memory across turns

CrewAI agents with memory=True accumulate context from each task. ThreatRecall enriches this by providing structured CTI on every query — so the agent doesn't start cold on each turn.

How it works
# Turn 1: Agent asks "Who exploits Log4Shell?"
# → ThreatRecall returns: APT-41, Lazarus Group, Volt Typhoon
# → This context is stored in CrewAI's memory

# Turn 2: Agent asks "Show me their TTPs"
# → Agent already knows the actors → can query TTPs directly
# → ThreatRecall returns MITRE ATT&CK techniques for each actor

Troubleshooting

Problem: "module not found" error
Fix: Run pip install @threatrecall/langchain-adapter in your project environment. If using a virtual environment, make sure it's activated.

Problem: Agent returns empty results
Fix: Check that your ThreatRecall workspace has data. Try a broad query like "malware" directly in your dashboard first. Also verify your API key is correct.

Problem: Crew hangs or times out
Fix: Set the OPENAI_API_KEY environment variable (CrewAI uses it by default for the underlying model). If you need to use a different model, check CrewAI's model configuration docs.
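
A preflight check for the retriever settings from Step 2 and the API-key checks under Troubleshooting, added here as an example and not part of the ThreatRecall adapter or CrewAI: it reads the key from the environment instead of hard-coding it in crew_setup.py and fails before kickoff if anything is missing. The variable name THREATRECALL_API_KEY and the 0-to-1 range for min_confidence are assumptions; OPENAI_API_KEY and the parameter names come from this guide.

```python
import os
from urllib.parse import urlsplit

# Hypothetical variable name chosen for this example; the guide does not define one.
TR_KEY_VAR = "THREATRECALL_API_KEY"
PLACEHOLDER = "your_api_key_here"  # the literal shown in Step 2


def retriever_settings(env, workspace_url="https://app.threatrecall.ai",
                       top_k=5, min_confidence=0.3):
    """Return kwargs for ThreatRecallMemoryRetriever, or raise ValueError
    listing every problem found so a misconfigured run stops early."""
    problems = []

    api_key = (env.get(TR_KEY_VAR) or "").strip()
    if not api_key:
        problems.append(f"{TR_KEY_VAR} is not set")
    elif api_key == PLACEHOLDER:
        problems.append(f"{TR_KEY_VAR} still holds the placeholder value")

    # CrewAI's default model needs this key (see Troubleshooting).
    if not (env.get("OPENAI_API_KEY") or "").strip():
        problems.append("OPENAI_API_KEY is not set")

    # The API key is sent to this host, so require TLS and no inline credentials.
    parts = urlsplit(workspace_url)
    if parts.scheme != "https" or not parts.hostname:
        problems.append("workspace_url must be an https:// URL")
    elif parts.username or parts.password:
        problems.append("workspace_url must not embed credentials")

    if isinstance(top_k, bool) or not isinstance(top_k, int) or top_k < 1:
        problems.append("top_k must be a positive integer")
    # Assumption: min_confidence is a score threshold between 0 and 1.
    conf_ok = isinstance(min_confidence, (int, float)) and not isinstance(min_confidence, bool)
    if not (conf_ok and 0.0 <= min_confidence <= 1.0):
        problems.append("min_confidence must be between 0 and 1")

    if problems:
        raise ValueError("; ".join(problems))
    return {"api_key": api_key, "workspace_url": workspace_url,
            "top_k": top_k, "min_confidence": min_confidence}


if __name__ == "__main__":
    settings = retriever_settings(os.environ)
    # Show the effective settings without printing the secret.
    print({k: v for k, v in settings.items() if k != "api_key"})
```

In crew_setup.py the returned dictionary can be passed straight to the constructor, as in ThreatRecallMemoryRetriever(**retriever_settings(os.environ)).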