Skip to main content

Phishing - Core v2

This Playbook is part of the Phishing Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.0.0 and later.

This playbook provides a basic response to phishing incidents, including:

  • Calculating reputation for all indicators
  • Extracting indicators from email attachments
  • Calculating severity for the incident based on indicator reputation
  • Updating the reporting user about investigation status
  • Enabling manual incident remediation

This updated playbook uses: 1) Incident fields instead of labels 2) The "Process Email - Core v2" playbook


This playbook uses the following sub-playbooks, integrations, and scripts.


  • Extract Indicators From File - Generic v2
  • Process Email - Core v2


This playbook does not use any integrations.


This playbook does not use any scripts.


  • rasterize
  • rasterize-email
  • closeInvestigation
  • setIncident
  • send-mail

Playbook Inputs#

NameDescriptionDefault ValueRequired
GetURLScreenshotsWhether the user wants the Rasterize integration to produce images of URLs involved in the incident. If "True", screenshots are taken.TrueOptional

Playbook Outputs#

There are no outputs for this playbook.

Playbook Image#

Phishing - Core v2