Email Hippo
This Integration is part of the Email Hippo Pack.#
Supported versions
Supported Cortex XSOAR versions: 6.9.0 and later.
This is the Email Hippo integration used to verify email sources as fake emails that were used as part of phishing attacks. . This integration was integrated and tested with version 2.0.1551 of Email Hippo.
Configure Email Hippo in Cortex#
| Parameter | Description | Required |
|---|---|---|
| MORE Server URL (e.g., https://api.hippoapi.com) | True | |
| Email Hippo WHOIS Server URL (e.g., https://api.whoishippo.com) | True | |
| MORE API Key | True | |
| WHOIS API Key | True | |
| Source Reliability | Reliability of the source providing the intelligence data. | False |
| Create relationships | Create relationships between indicators as part of enrichment. | False |
| Trust any certificate (not secure) | False | |
| Use system proxy settings | False |
Commands#
You can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
email-hippo-email-quota-get#
Get the email quota from the API.
Base Command#
email-hippo-email-quota-get
Input#
There are no input arguments for this command.
Context Output#
| Path | Type | Description |
|---|---|---|
| EmailHippo.Quota.quotaUsed | String | Total quota used. |
| EmailHippo.Quota.quotaRemaining | String | The remaining quota. |
Command example#
!email-hippo-email-quota-get
Context Example#
Human Readable Output#
Email quota#
Email Quota remaining Email Quota used 99 1
email#
Return email information and reputation.
Base Command#
email
Input#
| Argument Name | Description | Required |
|---|---|---|
| A comma-separated list of email addresses to validate. | Required |
Context Output#
| Path | Type | Description |
|---|---|---|
| DBotScore.Indicator | String | The indicator that was tested. |
| DBotScore.Reliability | String | Reliability of the source providing the intelligence data. |
| DBotScore.Score | Number | The actual score. |
| DBotScore.Type | String | The indicator type. |
| DBotScore.Vendor | String | The vendor used to calculate the score. |
| Email.Address | String | The email address of the indicator. |
| Email.Domain | string | The email domain. |
| EmailHippo.Email.Address | String | The email address of the indicator. |
Command example#
!email email=test@example.com
Context Example#
Human Readable Output#
Email test@example.com#
Hippo Trust Score Inbox quality score Result Spam risk score Low DoNotSend result: Unverifiable
reason: DomainIsWellKnownDeaBlock
domain#
Returns domain information and reputation.
Base Command#
domain
Input#
| Argument Name | Description | Required |
|---|---|---|
| domain | The domain to query (CSV). | Required |
Context Output#
| Path | Type | Description |
|---|---|---|
| DBotScore.Indicator | String | The indicator that was tested. |
| DBotScore.Reliability | String | The reliability score of the vendor. |
| DBotScore.Score | Number | The actual score. |
| DBotScore.Type | String | The indicator type. |
| DBotScore.Vendor | String | The vendor used to calculate the score. |
| Domain.Name | String | The name of the domain that was checked. |
| Domain.NameServers | String | Name of the servers of the domain. |
| Domain.UpdatedDate | Date | The date that the domain was last updated. |
| Domain.CreationDate | Date | The creation date of the domain. Format is ISO8601 (i.e.,'2020-04-30T10:35:00.000Z'). |
| Domain.Registrar.Name | String | The name of the registrar. |
| Domain.Registrar.AbuseEmail | String | The email address of the contact for reporting abuse. |
| Domain.Registrar.AbusePhone | String | The phone number of the contact for reporting abuse. |
| Domain.Admin.Country | String | The country of the domain administrator. |
| Domain.Admin.Email | String | The email address of the domain administrator. |
| Domain.Admin.Name | String | The name of the domain administrator. |
| Domain.Admin.Phone | String | The phone number of the domain administrator. |
| Domain.Tech.Country | String | The country of tech administrator. |
| Domain.Tech.Name | String | The name of the tech administrator. |
| Domain.Tech.Email | String | The email of the tech administrator. |
| Domain.Tech.Organization | String | The organization of the tech administrator. |
| Domain.WHOIS.NameServers | String | A CSV string of name servers, for example 'ns1.bla.com, ns2.bla.com'. |
| Domain.WHOIS.CreationDate | Date | The creation date of the domain. Format is ISO8601 (i.e., '2020-04-30T10:35:00.000Z'). |
| Domain.WHOIS.UpdatedDate | Date | The date when the domain was last updated. Format is ISO8601 (i.e., '2020-04-30T10:35:00.000Z'). |
| Domain.WHOIS.ExpirationDate | Date | The expiration date of the domain. |
Command example#
!domain domain=example.com
Context Example#
Human Readable Output#
Domain example.com#
Domain Age Expires On Name servers Registered On Registrar Status Time To Expiry Updated On 0 year(s), 0 month(s), 0 week(s), 0 day(s) {'Address': 'A.example.NET'},
{'Address': 'B.example.NET'}0 year(s), 0 months, 0 week(s), 0 day(s)