IsItPhishing
This Integration is part of the IsItPhishing Pack.#
Collaborative web service that provides validation on whether a URL is a phishing page or not by analyzing the content of the webpage.
Configure IsItPhishing on Cortex XSOAR#
Navigate to Settings > Integrations > Servers & Services.
Search for IsItPhishing.
Click Add instance to create and configure a new integration instance.
Parameter Description Required Server URL (e.g. https://192.168.0.1) False Customer's name True Customer's License True Use system proxy settings False Trust any certificate (not secure) False Source Reliability Reliability of the source providing the intelligence data. False Click Test to validate the URLs, token, and connection.
Commands#
You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
url#
Checks if URL is phishing
Base Command#
url
Input#
| Argument Name | Description | Required |
|---|---|---|
| url | URL to be checked if phishing. | Required |
| force | Set true to analyze URL, or false to check whether URL may cause collateral damage to the end user. Default is false. | Optional |
| smart | Set true to force checks on URLs that may cause collateral damage to the end user, or false to ignore the argument. Default is true. | Optional |
| area | The regional area to force using a proxy. | Optional |
| timeout | Timeout in milliseconds. Default value set to 10000, with a minimum value of 1000. Once timeout is reached, TIMEOUT response is returned. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| URL.Status | unknown | URL identification result. |
| URL.Url | unknown | The URL that was tested. |
| URL.Malicious.Vendor | unknown | For malicious URLs, the vendor that made the decision. |
| URL.Malicious.Description | unknown | For malicious URLs, the reason for the vendor to make the decision. |
| DBotScore.Indicator | unknown | The indicator that was tested. |
| DBotScore.Type | unknown | The indicator type. |
| DBotScore.Vendor | unknown | The vendor used to calculate the score. |
| DBotScore.Score | unknown | The actual score. |