
Ironscales

Supported versions

Supported Cortex XSOAR versions: 6.0.0 and later.

IRONSCALES, a self-learning email security platform integration.

Configure Ironscales on Cortex XSOAR

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for Ironscales.

  3. Click Add instance to create and configure a new integration instance.

    | Parameter | Required |
    | --- | --- |
    | Server URL (e.g. https://appapi.ironscales.com) | True |
    | API Key | True |
    | Company Id | True |
    | Scopes (e.g. "company.all") | True |
    | Trust any certificate (not secure) | False |
    | Use system proxy settings | False |
    | Fetch incidents | False |
    | Incident type | False |

  4. Click Test to validate the URLs, token, and connection.

Commands

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

ironscales-get-incident


Get incident data by ID.

Base Command

ironscales-get-incident

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| incident_id | Incident ID. | Required |
| company_id | Company ID. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Ironscales.Incident.incident_id | string | Incident ID. |
| Ironscales.Incident.attachments | string | Email attachments. |
| Ironscales.Incident.banner_displayed | string | Email banners. |
| Ironscales.Incident.classification | string | Current classification (FP, Phishing, Spam, Report). |
| Ironscales.Incident.company_id | string | Company ID. |
| Ironscales.Incident.company_name | string | Company name. |
| Ironscales.Incident.federation | string | Federation data. |
| Ironscales.Incident.first_reported_by | string | First reporter. |
| Ironscales.Incident.first_reported_date | string | Reported date. |
| Ironscales.Incident.links | string | Links. |
| Ironscales.Incident.mail_server | string | Mail server. |
| Ironscales.Incident.reply_to | string | Reply to. |
| Ironscales.Incident.reports | string | Reports data. |
| Ironscales.Incident.sender_email | string | Sender email. |
| Ironscales.Incident.sender_is_internal | boolean | |
| Ironscales.Incident.sender_reputation | string | Sender reputation. |
| Ironscales.Incident.spf_result | unknown | |
| Ironscales.Incident.themis_proba | number | Themis proba. |
| Ironscales.Incident.themis_verdict | string | Themis verdict. |

ironscales-classify-incident


Classify incident by ID.

Base Command

ironscales-classify-incident

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| incident_id | Incident ID. | Optional |
| classification | Classification. Possible values are: Attack, Spam, False Positive. | Optional |
| prev_classification | Current incident classification. Possible values are: Attack, Spam, False Positive, Report. | Optional |
| email | Your email address. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Ironscales.classifyincidnet | boolean | Classification succeeded. |
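
The two commands above use different vocabularies for the same field: ironscales-get-incident reports classification as FP, Phishing, Spam or Report, while ironscales-classify-incident accepts Attack, Spam or False Positive (plus Report for prev_classification), and marks every argument Optional. The following added example (not part of the integration's own code) validates a reclassification request before it is sent; the helper name `build_classify_args`, the short-form mapping and the rule that an email address must be supplied are assumptions of this example.

```python
# Added example; not part of the Ironscales integration code.
# Allowed values are copied from the argument table above.
CLASSIFICATIONS = ("Attack", "Spam", "False Positive")
PREV_CLASSIFICATIONS = CLASSIFICATIONS + ("Report",)

# ASSUMPTION: how the short forms listed for Ironscales.Incident.classification
# (FP, Phishing, Spam, Report) correspond to the command's argument values.
CONTEXT_TO_ARG = {"FP": "False Positive", "Phishing": "Attack",
                  "Spam": "Spam", "Report": "Report"}


def build_classify_args(incident, new_classification, analyst_email):
    """Return the args dict for ironscales-classify-incident, or raise ValueError.

    `incident` is one Ironscales.Incident context entry, as produced by
    ironscales-get-incident.
    """
    incident_id = incident.get("incident_id")
    if incident_id in (None, ""):
        raise ValueError("incident entry has no incident_id")
    if new_classification not in CLASSIFICATIONS:
        raise ValueError(f"classification must be one of {CLASSIFICATIONS}")
    # Local policy of this example: the command lists email as Optional.
    if not analyst_email or "@" not in analyst_email:
        raise ValueError("an analyst email address is required")

    current = incident.get("classification")
    prev = CONTEXT_TO_ARG.get(current, current)  # accept either vocabulary
    if prev not in PREV_CLASSIFICATIONS:
        raise ValueError(f"unrecognised current classification: {current!r}")
    if prev == new_classification:
        raise ValueError("incident already has that classification")

    return {
        "incident_id": str(incident_id),
        "classification": new_classification,
        "prev_classification": prev,
        "email": analyst_email,
    }


# Constructed sample entry, shaped like the ironscales-get-incident context output.
sample_incident = {"incident_id": 1001, "classification": "Report",
                   "sender_email": "billing@example.test",
                   "sender_is_internal": False}
args = build_classify_args(sample_incident, "Attack", "analyst@example.test")
# In an automation: demisto.executeCommand("ironscales-classify-incident", args)
```
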

ironscales-get-open-incidents


Get open incident IDs.

Base Command

ironscales-get-open-incidents

Input

| Argument Name | Description | Required |
| --- | --- | --- |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Ironscales.OpenIncidents.incident_ids | unknown | List of open incident IDs. |