Skip to main content


This Integration is part of the IsItPhishing Pack.#

Collaborative web service that provides validation on whether a URL is a phishing page or not by analyzing the content of the webpage.

Configure IsItPhishing on Cortex XSOAR#

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for IsItPhishing.

  3. Click Add instance to create and configure a new integration instance.

    Server URL (e.g.
    Customer's nameTrue
    Customer's LicenseTrue
    Use system proxy settingsFalse
    Trust any certificate (not secure)False
    Source ReliabilityReliability of the source providing the intelligence data.False
  4. Click Test to validate the URLs, token, and connection.


You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.


Checks if URL is phishing

Base Command#



Argument NameDescriptionRequired
urlURL to be checked if phishing.Required
forceSet true to analyze URL, or false to check whether URL may cause collateral damage to the end user. Default is false.Optional
smartSet true to force checks on URLs that may cause collateral damage to the end user, or false to ignore the argument. Default is true.Optional
areaThe regional area to force using a proxy.Optional
timeoutTimeout in milliseconds. Default value set to 10000, with a minimum value of 1000. Once timeout is reached, TIMEOUT response is returned.Optional

Context Output#

URL.StatusunknownURL identification result
URL.UrlunknownThe URL that was tested
URL.Malicious.VendorunknownFor malicious URLs, the vendor that made the decision
URL.Malicious.DescriptionunknownFor malicious URLs, the reason for the vendor to make the decision
DBotScore.IndicatorunknownThe indicator that was tested
DBotScore.TypeunknownThe type of the indicator
DBotScore.VendorunknownVendor used to calculate the score
DBotScore.ScoreunknownThe actual score