OpenPhish uses proprietary Artificial Intelligence algorithms to automatically identify zero-day phishing sites and provide comprehensive, actionable, real-time threat intelligence.
Navigate to Settings > Integrations > Servers & Services.
Search for OpenPhish v2.
Click Add instance to create and configure a new integration instance.
Parameter Description Required https Use HTTPS connection False fetchIntervalHours Database refresh interval (hours) False proxy Use system proxy settings False insecure Trust any certificate (not secure) False
Click Test to validate the URLs, token, and connection.
You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
Checks the reputation of a URL.
Notice: Submitting indicators using this command might make the indicator data publicly available. See the vendor’s documentation for more details.
|url||URL to check.||Required|
|URL.Malicious.Vendor||unknown||The vendor reporting the URL as malicious.|
|URL.Malicious.Description||unknown||A description of the malicious URL.|
|DBotScore.Indicator||unknown||The indicator that was tested.|
|DBotScore.Type||unknown||The indicator type.|
|DBotScore.Vendor||unknown||The vendor used to calculate the score.|
|DBotScore.Score||unknown||The actual score.|
!url using-brand=OpenPhish_v2 url="google.com, hxxp://hang3clip.ddns.net/"
Reload OpenPhish database
Show OpenPhish database status
There is no context output for this command.