Skip to main content


This Script is part of the Machine Learning Pack.#

Supported versions

Supported Cortex XSOAR versions: 5.5.0 and later.

Predict phishing incidents using the out-of-the-box pre-trained model.

Script Data#

Script Typepython3
Tagsphishing, ml
Cortex XSOAR Version5.5.0


Argument NameDescription
emailSubjectSubject of the email.
emailBodyBody of the email.
emailBodyHTMLHTML body of the email. Only use this field if the emailBody argument is empty.
topWordsLimitMaximum number of positive/negative words to return for the model decision.
wordThresholdThreshold to determine word importance (range 0-1). Default is 0.05.
minTextLengthMinimum number of characters for the prediction.
labelProbabilityThresholdThe label probability threshold. Default is 0.
confidenceThresholdThe confidence threshold. The model will provide predictions only if their confidence is above this threshold.
returnErrorWhether to return an error when there is no prediction. Default is "true".
setIncidentFieldsWhether to set Cortex XSOAR out-of-the-box DBot fields.


DBotPredictPhishingWords.LabelThe predicted label.String
DBotPredictPhishingWords.ProbabilityThe predicted probability (range 0-1).Number
DBotPredictPhishingWords.PositiveWordsA list of words in the input text that supports the model decision.Unknown
DBotPredictPhishingWords.NegativeWordsA list of words in the input text that do not support the model decision. These words better support a different classification class.Unknown
DBotPredictPhishingWords.TextTokensHighlightedThe input text (after pre-processing) with the positive words that support the model decision.String