Skip to main content

Phishing - Core

This Playbook is part of the Phishing Pack.#

Provides a basic response to phishing incidents.

Playbook features:

  • Calculates reputation for all indicators.
  • Extracts indicators from email attachments.
  • Calculates severity for the incident based on indicator reputation.
  • Updates reporting user about investigation status.
  • Allows manual remediation of the incident.


This playbook uses the following sub-playbooks, integrations, and scripts.


  • Process Email - Core
  • Extract Indicators From File - Generic v2


  • Builtin


This playbook does not use any scripts.


  • rasterize
  • send-mail
  • setIncident
  • rasterize-email
  • closeInvestigation

Playbook Inputs#

NameDescriptionDefault ValueRequired
GetURLScreenshotsWhether the user wants the Rasterize integration to produce images of URLs that are involved in the incident. If "True", screenshots will be taken.TrueOptional

Playbook Outputs#

There are no outputs for this playbook.

Playbook Image#