Detonate URL - Phish.AI
Detonates a URL using the Phish.AI integration.
Dependencies
This playbook uses the following sub-playbooks, integrations, and scripts.
Sub-playbooks
- GenericPolling
Integrations
This playbook does not use any integrations.
Scripts
This playbook does not use any scripts.
Commands
- phish-ai-check-status
- phish-ai-scan-url
Playbook Inputs
Name | Description | Default Value | Source | Required |
---|---|---|---|---|
URL | The URL to detonate. | Data | URL | Optional |
Interval | The polling frequency. How often the polling command should run (in minutes). | 1 | - | Optional |
Timeout | How much time to wait before a timeout occurs (in minutes). | 15 | - | Optional |
Playbook Outputs
Path | Description | Type |
---|---|---|
PhishAI.ScanID | The Phish.AI scan ID. | string |
PhishAI.Status | The scan status. | string |
PhishAI.URL | The URL address. | string |
URL.Malicious.Vendor | The vendor that made the decision that the URL is malicious. | string |
URL.Malicious.Description | The reason for the vendor to make the decision that the URL is malicious. | string |
DBotScore.Indicator | The indicator that was tested. | string |
DBotScore.Type | The type of the indicator. | string |
DBotScore.Vendor | The vendor used to calculate the score. | string |
DBotScore.Score | The actual score. | number |
IP.Address | The IP address of the URL. | string |
IP.Geo.Country | The geo location of the URL. | string |
URL.Status | THe URL's status. | string |
URL.Data | The URL's address. | string |