Phish.AI
Closing the gap on traditional solutions, training, and talent with next-generation anti-phishing platform powered by AI & Computer Vision.
Configure Phish.AI on Demisto
- Navigate to Settings > Integrations > Servers & Services .
- Search for Phish.AI.
-
Click
Add instance
to create and configure a new integration instance.
- Name : a textual name for the integration instance.
- Private API Key (Optional) get it from My Profile on your Phish.AI Web URL
- Use system proxy settings
- Click Test to validate the URLs, token, and connection.
Commands
You can execute these commands from the Demisto CLI, as part of an automation, or in a playbook.
After you successfully execute a command, a DBot message appears in the War Room with the command details.
1. Scan a URL
Checks if a URL is phishing, and returns details about the brand that is being phished.
Base Command
phish-ai-scan-url
Input
| Argument Name | Description | Required |
|---|---|---|
| url | The URL to check. | Required |
Context Output
| Path | Type | Description |
|---|---|---|
| URL.Data | string | The URL address. |
| URL.Malicious.Vendor | string | For malicious URLs, the vendor that made the decision. |
| URL.Malicious.Description | string | For malicious URLs, the reason that the vendor made the decision. |
| DBotScore.Indicator | string | The indicator that was tested. |
| DBotScore.Type | string | The indicator type. |
| DBotScore.Vendor | string | The vendor used to calculate the score. |
| DBotScore.Score | number | The actual score. |
| IP.Address | string | The IP address of the URL. |
| IP.Geo.Country | string | The geo-location of the URL. |
| PhishAI.ScanID | string | The Phish AI scan ID. |
| PhishAI.Status | string | The status of the scan. |
| PhishAI.URL | string | The URL address. |
Command Example
!phish-ai-scan url=www.demisto.com
Human Readable Output
2. Check a URL status
Checks the status of a URL, for example, “completed” or “in progress”.
Base Command
phish-ai-check-status
Input
| Argument Name | Description | Required |
|---|---|---|
| scan_id | The scan ID of the URL to check the status of. You must replace the url argument with the scan_id argument in automations and playbooks. Backward compatibility is not supported. | Required |
Context Output
| Path | Type | Description |
|---|---|---|
| URL.Data | string | The IP address of the URL. |
| PhishAI.Status | string | That status of the scan. |
| PhishAI.ScanID | string | The Phish.AI scan ID. |
Command Example
!phish-ai-check-status scan_id="{CsFCgZ494mmW2JMI4hkK}"
Human Readable Output
3. Dispute a scan result
Disputes the result of a scan.
Base Command
phish-ai-dispute-url
Input
| Argument Name | Description | Required |
|---|---|---|
| scan_id | The scan ID of the URL to dispute. | Required |
Context Output
There is no context output for this command.
Command Example
!phish-ai-dispute-url scan_id="CsFCgZ494mmW2JMI4hkK"
Human Readable Output
