OpenPhish v2

OpenPhish uses proprietary Artificial Intelligence algorithms to automatically identify zero-day phishing sites and provide comprehensive, actionable, real-time threat intelligence.

Configure OpenPhish_v2 on Cortex XSOAR

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for OpenPhish v2.

  3. Click Add instance to create and configure a new integration instance.

    | Parameter | Description | Required |
    | --- | --- | --- |
    | https | Use HTTPS connection | False |
    | fetchIntervalHours | Database refresh interval (hours) | False |
    | proxy | Use system proxy settings | False |
    | insecure | Trust any certificate (not secure) | False |

  4. Click Test to validate the URLs, token, and connection.

Commands

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

url

Checks the reputation of a URL.

Base Command

url

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| url | URL to check. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| URL.Data | unknown | The URL. |
| URL.Malicious.Vendor | unknown | The vendor reporting the URL as malicious. |
| URL.Malicious.Description | unknown | A description of the malicious URL. |
| DBotScore.Indicator | unknown | The indicator that was tested. |
| DBotScore.Type | unknown | The indicator type. |
| DBotScore.Vendor | unknown | The vendor used to calculate the score. |
| DBotScore.Score | unknown | The actual score. |

Command Example

!url using-brand=OpenPhish_v2 url="google.com, hxxp://hang3clip.ddns.net/"

Context Example

{
    "DBotScore": [
        {
            "Indicator": "google.com",
            "Score": 0,
            "Type": "url",
            "Vendor": "OpenPhish"
        },
        {
            "Indicator": "hxxp://hang3clip.ddns.net/",
            "Score": 3,
            "Type": "url",
            "Vendor": "OpenPhish"
        }
    ],
    "URL": [
        {
            "Data": "google.com"
        },
        {
            "Data": "hxxp://hang3clip.ddns.net/",
            "Malicious": {
                "Description": "Match found in OpenPhish database",
                "Vendor": "OpenPhish"
            }
        }
    ]
}

Human Readable Output

OpenPhish Database - URL Query

No matches for URL google.com

Found matches for given URL hxxp://hang3clip.ddns.net/
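
Added example (not part of the integration's own code): a Python helper that joins the DBotScore and URL entries from the Context Example above and lists the indicators OpenPhish scored as bad. The helper names are hypothetical, the 0-3 verdict labels follow the standard DBot score scale, and the single-object handling is a defensive assumption about how context may be stored.

```python
import json

# DBot score scale used by Cortex XSOAR.
DBOT_VERDICT = {0: "unknown", 1: "good", 2: "suspicious", 3: "bad"}

# The Context Example from this page, embedded so the script runs offline.
SAMPLE_CONTEXT = json.loads("""
{
  "DBotScore": [
    {"Indicator": "google.com", "Score": 0, "Type": "url", "Vendor": "OpenPhish"},
    {"Indicator": "hxxp://hang3clip.ddns.net/", "Score": 3, "Type": "url", "Vendor": "OpenPhish"}
  ],
  "URL": [
    {"Data": "google.com"},
    {"Data": "hxxp://hang3clip.ddns.net/",
     "Malicious": {"Description": "Match found in OpenPhish database", "Vendor": "OpenPhish"}}
  ]
}
""")


def as_list(value):
    """Assumption: a context key may hold one object instead of a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def summarize(context, vendor="OpenPhish"):
    """Hypothetical helper: join DBotScore and URL entries per indicator."""
    details = {}
    for entry in as_list(context.get("URL")):
        malicious = entry.get("Malicious") or {}
        if malicious.get("Vendor") == vendor:
            details[entry.get("Data")] = malicious.get("Description", "")
    rows = []
    for score in as_list(context.get("DBotScore")):
        if score.get("Vendor") != vendor or score.get("Type") != "url":
            continue
        value = score.get("Score")
        rows.append({"indicator": score.get("Indicator"), "score": value,
                     "verdict": DBOT_VERDICT.get(value, "unknown"),
                     "description": details.get(score.get("Indicator"), "")})
    return rows


def malicious_indicators(context, vendor="OpenPhish"):
    """Score 3 only; score 0 means 'no match in the feed', not 'clean'."""
    return [r["indicator"] for r in summarize(context, vendor) if r["score"] == 3]
```

For the sample, google.com comes back as "unknown" rather than "good": a miss in the OpenPhish database is absence of evidence, so playbooks should not treat a score of 0 as an allow verdict.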

openphish-reload

Reload OpenPhish database

Base Command

openphish-reload

Input

| Argument Name | Description | Required |
| --- | --- | --- |

Command Example

!openphish-reload

Human Readable Output

updated successfully

openphish-status

Show OpenPhish database status

Base Command

openphish-status

Input

| Argument Name | Description | Required |
| --- | --- | --- |

Context Output

There is no context output for this command.

Command Example

!openphish-status

Human Readable Output

[Image: openphish-status output]