Phish.AI

Closing the gap on traditional solutions, training, and talent with a next-generation anti-phishing platform powered by AI & Computer Vision.

Configure Phish.AI on Demisto

  1. Navigate to Settings > Integrations > Servers & Services.
  2. Search for Phish.AI.
  3. Click Add instance to create and configure a new integration instance.
    • Name: a textual name for the integration instance.
    • Private API Key (Optional): get it from My Profile on your Phish.AI Web URL.
    • Use system proxy settings
  4. Click Test to validate the URLs, token, and connection.

Commands

You can execute these commands from the Demisto CLI, as part of an automation, or in a playbook.
After you successfully execute a command, a DBot message appears in the War Room with the command details.

1. Scan a URL


Checks if a URL is phishing, and returns details about the brand that is being phished.

Base Command

phish-ai-scan-url

Input
| Argument Name | Description | Required |
| --- | --- | --- |
| url | The URL to check. | Required |

Context Output
| Path | Type | Description |
| --- | --- | --- |
| URL.Data | string | The URL address. |
| URL.Malicious.Vendor | string | For malicious URLs, the vendor that made the decision. |
| URL.Malicious.Description | string | For malicious URLs, the reason that the vendor made the decision. |
| DBotScore.Indicator | string | The indicator that was tested. |
| DBotScore.Type | string | The indicator type. |
| DBotScore.Vendor | string | The vendor used to calculate the score. |
| DBotScore.Score | number | The actual score. |
| IP.Address | string | The IP address of the URL. |
| IP.Geo.Country | string | The geo-location of the URL. |
| PhishAI.ScanID | string | The Phish AI scan ID. |
| PhishAI.Status | string | The status of the scan. |
| PhishAI.URL | string | The URL address. |

Command Example
!phish-ai-scan-url url=www.demisto.com

2. Check a URL status


Checks the status of a URL, for example, “completed” or “in progress”.

Base Command

phish-ai-check-status

Input
| Argument Name | Description | Required |
| --- | --- | --- |
| scan_id | The scan ID of the URL to check the status of. You must replace the url argument with the scan_id argument in automations and playbooks. Backward compatibility is not supported. | Required |

Context Output
| Path | Type | Description |
| --- | --- | --- |
| URL.Data | string | The IP address of the URL. |
| PhishAI.Status | string | The status of the scan. |
| PhishAI.ScanID | string | The Phish.AI scan ID. |

Command Example
!phish-ai-check-status scan_id="{CsFCgZ494mmW2JMI4hkK}"
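
Added example (not part of the integration's own code): submitting a URL with phish-ai-scan-url and polling phish-ai-check-status by scan_id until the scan reports "completed", with a poll budget so an unfinished scan is reported as incomplete rather than read as clean. run_command, make_fake_executor and the scan ID value are hypothetical, and the returned context is assumed to be a nested dict shaped like the Context Output tables.

```python
import time

def scan_and_wait(run_command, url, max_polls=10, poll_seconds=5, sleep=time.sleep):
    """Submit url with phish-ai-scan-url, then poll phish-ai-check-status by
    scan_id until PhishAI.Status is "completed" or the poll budget is spent.

    Assumption: run_command(name, args) is a hypothetical stand-in for the
    automation's command executor and returns the command's context output
    as a nested dict shaped like the Context Output tables.
    """
    ctx = run_command("phish-ai-scan-url", {"url": url})
    scan_id = ctx["PhishAI"]["ScanID"]
    status = ctx["PhishAI"]["Status"]
    polls = 0
    while status != "completed" and polls < max_polls:
        sleep(poll_seconds)
        # check-status is keyed on scan_id, not on the url argument.
        ctx = run_command("phish-ai-check-status", {"scan_id": scan_id})
        status = ctx["PhishAI"]["Status"]
        polls += 1
    # An unfinished scan means "no verdict yet"; callers must not read it as clean.
    return {"scan_id": scan_id, "status": status, "polls": polls,
            "complete": status == "completed"}

def make_fake_executor(statuses):
    """Constructed stand-in for the integration: replays statuses in order."""
    remaining, calls = list(statuses), []
    def run_command(name, args):
        calls.append((name, dict(args)))
        return {"PhishAI": {"ScanID": "SCAN-ID-PLACEHOLDER",
                            "Status": remaining.pop(0)}}
    return run_command, calls

if __name__ == "__main__":
    run, calls = make_fake_executor(["in progress", "in progress", "completed"])
    print(scan_and_wait(run, "www.demisto.com", sleep=lambda _s: None))
    print(calls)
```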

3. Dispute a scan result


Disputes the result of a scan.

Base Command

phish-ai-dispute-url

Input
| Argument Name | Description | Required |
| --- | --- | --- |
| scan_id | The scan ID of the URL to dispute. | Required |

Context Output

There is no context output for this command.

Command Example
!phish-ai-dispute-url scan_id="CsFCgZ494mmW2JMI4hkK"