Supported Cortex XSOAR versions: 6.1.0 and later.
Runs various machine-learning based checks on phishing emails and URLs, in an attempt to predict whether they are phishing or benign.
This playbook uses the following sub-playbooks, integrations, and scripts.
This playbook does not use any sub-playbooks.
This playbook does not use any integrations.
|ExtractedURLsFromFiles||The list of URLs that were extracted from the file. This output is a duplicate of the URL.Data output and it enables parent playbooks to identify the URLs generated by this playbook.||Optional|
|PhishingModelName||Optional - the name of a pre-trained phishing model to predict phishing type using machine learning.||Optional|
|DBotPredictURLPhishingURLsNumber||The number of URLs to extract from the email HTML and analyze in the "DBotPredictURLPhishing" automation.|
This automation runs several checks to determine the score of the URLs found in the email, sets a verdict for URLs found as "Suspicious" or "Malicious", and adds these URLs as indicators. Based on the verdict, the incident severity is set (Medium for "Suspicious" and High for "Malicious").
- You need to install the "Phishing URL" pack to use this automation.
- False/True positives are possible.
- This automation may take a few minutes to run.
- To increase result accuracy, it is recommended to install and enable the "Whois" pack (optional).
|EmailText||The email text of the phishing email if it exists.||Optional|
|EmailHTML||The email HTML body of the phishing email if it exists.||Optional|
|EmailSubject||The subject of the phishing email if it exists.||Optional|
There are no outputs for this playbook.