Supported Cortex XSOAR versions: 6.1.0 and later.
Runs various machine-learning based checks on phishing emails and URLs, in an attempt to predict whether they are phishing or benign.
This playbook uses the following sub-playbooks, integrations, and scripts.
This playbook does not use any sub-playbooks.
This playbook does not use any integrations.
|The list of URLs that were extracted from the file. This output is a duplicate of the URL.Data output and it enables parent playbooks to identify the URLs generated by this playbook.
|Optional - the name of a pre-trained phishing model to predict phishing type using machine learning.
|The number of URLs to extract from the email HTML and analyze in the "DBotPredictURLPhishing" automation.
This automation runs several checks to determine the score of the URLs found in the email, sets a verdict for URLs found as "Suspicious" or "Malicious", and adds these URLs as indicators. Based on the verdict, the incident severity is set (Medium for "Suspicious" and High for "Malicious").
- You need to install the "Phishing URL" pack to use this automation.
- False/True positives are possible.
- This automation may take a few minutes to run.
- To increase result accuracy, it is recommended to install and enable the "Whois" pack (optional).
|The email text of the phishing email if it exists.
|The email HTML body of the phishing email if it exists.
|The subject of the phishing email if it exists.
There are no outputs for this playbook.