PhishTank v2

PhishTank is a free community site where anyone can submit, verify, track and share phishing data. This integration was integrated and tested with version 1.0.1 of PhishTank.

Configure PhishTankV2 on Cortex XSOAR

  1. Navigate to Settings > Integrations > Servers & Services.
  2. Search for PhishTankV2.
  3. Click Add instance to create and configure a new integration instance.
ParameterDescriptionRequired
proxyUse system proxy settingsFalse
insecureTrust any certificate (not secure)False
fetchIntervalHoursDatabase refresh interval (hours)False
  1. Click Test to validate the URLs, token, and connection.

Commands

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

url


Checks the reputation of the supplied URLs.

Base Command

url

Input

Argument NameDescriptionRequired
urlA comma-separated list of URLs to check the reputation of.Required

Context Output

PathTypeDescription
URL.DataStringA list of URLs with a bad reputation.
URL.Malicious.VendorStringFor malicious URLs, the vendor that tagged the URL as malicious.
URL.Malicious.DescriptionStringFor malicious URLs, the reason the vendor tagged the URL as malicious.
DBotScore.IndicatorStringThe indicator tested.
DBotScore.TypeStringThe indicator type.
DBotScore.VendorStringThe vendor used to calculate the score.
DBotScore.ScoreNumberThe actual score.

Command Example

!url url=hxxp://login.rakuten.co.jp.reise

Human Readable Output

PhishTankV2 Database - URL Query

Found matches for URL hxxp://login.rakuten.co.jp.reise

onlinephish_idsubmission_timetargetverification_timeverified
yes67849822020-09-27T19:04:35+00:00Other2020-09-27T19:10:20+00:00yes

Additional details at http://www.phishtank.com/phish_detail.php?phish_id=6784982

phishtank-reload


Reload PhishTank database

Base Command

phishtank-reload

Input

There are no input arguments for this command.

Context Output

There is no context output for this command.

Command Example

!phishtank-reload

Human Readable Output

PhishTankV2 Database reloaded


Total **13181** URLs loaded

phishtank-status


Show PhishTank database status

Base Command

phishtank-status

Input

There are no input arguments for this command.

Context Output

There is no context output for this command.

Command Example

!phishtank-status

Human Readable Output

PhishTankV2 Database Status


Total **13181** URLs loaded
Last Load time **Sun Oct 04 2020 09:43:01 (UTC)**