Skip to main content

PhishTank v2

This Integration is part of the PhishTank Pack.#

PhishTank is a free community site where anyone can submit, verify, track and share phishing data. This integration was integrated and tested with version 1.0.1 of PhishTank.

Configure PhishTankV2 in Cortex#

ParameterDescriptionRequired
use_httpsUse HTTPS connectionFalse
Source ReliabilityReliability of the source providing the intelligence data.B - Usually reliable
proxyUse system proxy settingsFalse
insecureTrust any certificate (not secure)False
fetchIntervalHoursDatabase refresh interval (hours)False

Best Practice#

When using the PhishTank V2 integration, we recommend that you use an engine to run the integration instance, and to use different engines for different tenants. You should open a platform feature request (FR) to request separate egress IPs for the different tenants.

Commands#

You can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

url#


Checks the reputation of the supplied URLs.

Notice: Submitting indicators using this command might make the indicator data publicly available. See the vendor’s documentation for more details.

Base Command#

url

Input#

Argument NameDescriptionRequired
urlA comma-separated list of URLs to check the reputation of.Required

Context Output#

PathTypeDescription
URL.DataStringA list of URLs with a bad reputation.
URL.Malicious.VendorStringFor malicious URLs, the vendor that tagged the URL as malicious.
URL.Malicious.DescriptionStringFor malicious URLs, the reason the vendor tagged the URL as malicious.
DBotScore.IndicatorStringThe indicator that was tested.
DBotScore.TypeStringThe indicator type.
DBotScore.VendorStringThe vendor used to calculate the score.
DBotScore.ScoreNumberThe actual score.

Command Example#

!url url=hxxp://login.rakuten.co.jp.reise

Human Readable Output#

PhishTankV2 Database - URL Query#

Found matches for URL hxxp://login.rakuten.co.jp.reise#

onlinephish_idsubmission_timetargetverification_timeverified
yes67849822020-09-27T19:04:35+00:00Other2020-09-27T19:10:20+00:00yes

Additional details at http://www.phishtank.com/phish_detail.php?phish_id=6784982

phishtank-reload#


Reload PhishTank database

Base Command#

phishtank-reload

Input#

There are no input arguments for this command.

Context Output#

There is no context output for this command.

Command Example#

!phishtank-reload

Human Readable Output#

PhishTankV2 Database reloaded


Total **13181** URLs loaded

phishtank-status#


Show PhishTank database status

Base Command#

phishtank-status

Input#

There are no input arguments for this command.

Context Output#

There is no context output for this command.

Command Example#

!phishtank-status

Human Readable Output#

PhishTankV2 Database Status


Total **13181** URLs loaded
Last Load time **Sun Oct 04 2020 09:43:01 (UTC)**