OpenPhish v2

OpenPhish uses proprietary Artificial Intelligence algorithms to automatically identify zero-day phishing sites and provide comprehensive, actionable, real-time threat intelligence. This integration was integrated and tested with version xx of OpenPhish_v2.

Configure OpenPhish v2 on Cortex XSOAR

  1. Navigate to Settings > Integrations > Servers & Services.
  2. Search for OpenPhish v2.
  3. Click Add instance to create and configure a new integration instance.

     | Parameter | Description | Required |
     | --- | --- | --- |
     | proxy | Use system proxy settings | False |
     | fetchIntervalHours | Database refresh interval (hours) | False |
     | insecure | Trust any certificate (not secure) | False |

  4. Click Test to validate the URLs, token, and connection.

Commands

You can execute these commands from the Demisto CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

url


Check URL Reputation

Base Command

url

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| url | URL to check | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| URL.Data | unknown | The URL |
| URL.Malicious.Vendor | unknown | The vendor reporting the URL as malicious. |
| URL.Malicious.Description | unknown | A description of the malicious URL. |
| DBotScore.Indicator | unknown | The indicator that was tested. |
| DBotScore.Type | unknown | The indicator type. |
| DBotScore.Vendor | unknown | The vendor used to calculate the score. |
| DBotScore.Score | unknown | The actual score. |

Command Example

!url using-brand=OpenPhish_v2 url="google.com, hxxp://hang3clip.ddns.net/"

Context Example

{
    "DBotScore": [
        {
            "Indicator": "google.com",
            "Score": 0,
            "Type": "url",
            "Vendor": "OpenPhish"
        },
        {
            "Indicator": "hxxp://hang3clip.ddns.net/",
            "Score": 3,
            "Type": "url",
            "Vendor": "OpenPhish"
        }
    ],
    "URL": [
        {
            "Data": "google.com"
        },
        {
            "Data": "hxxp://hang3clip.ddns.net/",
            "Malicious": {
                "Description": "Match found in OpenPhish database",
                "Vendor": "OpenPhish"
            }
        }
    ]
}

Human Readable Output

OpenPhish Database - URL Query

No matches for URL google.com

Found matches for given URL hxxp://hang3clip.ddns.net/
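
The following is an added example, not part of the integration's own code: a Python helper that joins the DBotScore and URL entries from the Context Example above and keeps "no match" (score 0) separate from a confirmed match (score 3). The names triage, blocklist and as_list are hypothetical, the score-to-verdict mapping is the standard DBot scale, and accepting a single object where the example shows a list is an assumption about how context may be stored.

```python
# Constructed sample input: the Context Example shown on this page.
CONTEXT = {
    "DBotScore": [
        {"Indicator": "google.com", "Score": 0, "Type": "url", "Vendor": "OpenPhish"},
        {"Indicator": "hxxp://hang3clip.ddns.net/", "Score": 3, "Type": "url", "Vendor": "OpenPhish"},
    ],
    "URL": [
        {"Data": "google.com"},
        {"Data": "hxxp://hang3clip.ddns.net/",
         "Malicious": {"Description": "Match found in OpenPhish database", "Vendor": "OpenPhish"}},
    ],
}

# Standard DBot scale: 0 = unknown, 1 = good, 2 = suspicious, 3 = bad.
VERDICTS = {0: "unknown", 1: "good", 2: "suspicious", 3: "bad"}


def as_list(value):
    """Assumption: a context path may hold one object or a list of objects."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def triage(context, vendor="OpenPhish"):
    """Join DBotScore and URL entries on the indicator; one row per scored URL."""
    details = {u.get("Data"): u.get("Malicious") for u in as_list(context.get("URL"))}
    rows = []
    for entry in as_list(context.get("DBotScore")):
        if entry.get("Vendor") != vendor or entry.get("Type") != "url":
            continue  # ignore scores from other vendors or indicator types
        indicator = entry.get("Indicator")
        score = int(entry.get("Score", 0))  # the Score type is documented as "unknown"
        malicious = details.get(indicator) or {}
        rows.append({
            "indicator": indicator,
            "verdict": VERDICTS.get(score, "unknown"),
            "reason": malicious.get("Description"),
            # Score 0 only means "no match in the database", so it is never
            # reported as clean; only a confirmed match is marked for blocking.
            "block": score == 3,
        })
    return rows


def blocklist(context):
    """Indicators with a confirmed match, in the order they were scored."""
    return [row["indicator"] for row in triage(context) if row["block"]]
```
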

openphish-reload


Reload OpenPhish database

Base Command

openphish-reload

Input

| Argument Name | Description | Required |
| --- | --- | --- |

Command Example

!openphish-reload

Human Readable Output

updated successfully

openphish-status


Show OpenPhish database status

Base Command

openphish-status

Input

| Argument Name | Description | Required |
| --- | --- | --- |

Context Output

There is no context output for this command.

Command Example

!openphish-status

Human Readable Output

[Image: openphish-status output]