PhishTank
Analyze suspicious files and URLs to detect types of malware including viruses, worms, and trojans.
Connect PhishTank with Devo SOAR
Navigate to Automations > Integrations.
Search for PhishTank.
Click Details, then the + icon. Enter the required information in the following fields.
Label: Enter a connection name.
Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com where, hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
Verify SSL: Select option to verify connecting server's SSL certificate (Default is Verify SSL Certificate).
Remote Agent: Run this integration using the Devo SOAR Remote Agent.
API Key: The API key to connect to the PhishTank.
After you've entered all the details, click Connect.
Actions for PhishTank
URL Scan (Deprecated)
Submits a URL to PhishTank for lookup against their Phishing database. Based off of the results, automate how Incident Response is handled.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
---|---|---|
URL | Column name from parent table to lookup value for URL. | Required |
Output
A JSON object containing multiple rows of result:
has_error: True/False
error: message/null
``` {json}{ "has_error": true, "error": "Error in processing column: 'results'" }
## URL scan
Submits a URL to PhishTank for lookup against their Phishing database. Based off of the results, automate how Incident Response is handled.
### Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
| :--------- | :----------------------------------------------------------------------------- | :------- |
| URL | [Jinja-templated](doc:jinja-template) text containing the lookup value for URL | Required |
### Output
JSON containing the following items:
```JSON
{
"has_error":false,
"meta":{
"status":"success",
"timestamp":"2023-05-30T10:58:13+00:00",
"serverid":"e5f3test",
"requestid":"172.15.126.121.6475d6c588f027.62782908"
},
"results":{
"verified":false,
"phish_detail_page":"http://www.phishtank.com/phish_detail.php?phish_id=8112312",
"url":"https://www.przelewy24.pl/",
"verified_at":null,
"phish_id":"8112312",
"valid":false,
"in_database":true
},
"error":null
}
Release Notes
v3.1.1
- Deprecated oldURL Scan
action and added new one with more detailed output.v3.0.0
- Updated architecture to support IO via filesystemv2.0.6
- Added documentation link in the automation library.