Phishtank is a collaborative clearing house for data and information about phishing on the Internet. Also, PhishTank provides an open API for developers and researchers to integrate anti-phishing data into their applications at no charge.
This document provides information about the PhishTank connector, which facilitates automated interactions with PhishTank using FortiSOAR™ playbooks. Add the PhishTank connector as a step in FortiSOAR™ playbooks and perform automated operations, such as checking the reputation for the specified URL.
Connector Version: 1.0.0
FortiSOAR™ Version Tested on: 4.11.0-1161
Authored By: Fortinet
Certified: Yes
All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum
command to install connectors:
yum install cyops-connector-phishtank
For the detailed procedure to install a connector, click here.
For the procedure to configure a connector, click here.
In FortiSOAR™, on the Connectors page, click the PhishTank connector row, and in the Configuration tab enter the required configuration details.
Parameter | Description |
---|---|
API Token | (Optional) API token that is configured for your account to access PhishTank. |
Server URL | URL of the PhishTank server to which you will connect and perform the automated operations. |
The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:
Function | Description | Annotation and Category |
---|---|---|
URL Reputation | Retrieves the reputation of the URL that you have specified from the PhishTank database | url_reputation Investigation |
Parameter | Description |
---|---|
URL | URL whose reputation you want lookup on PhishTank. |
The JSON output returns a Success
message if the URL that you have specified is successfully sent to the list of phishing sites on Phishtank and a True
attribute (if the specified site is a phishing site) or a False
attribute (if the specified site is not a phishing site) in the Valid
parameter based on whether the site is a phishing site.
The output contains a non-dictionary value
The Sample - PhishTank - 1.0.0
playbook collection comes bundled with the PhishTank connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the PhishTank connector.
URL Reputation
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.
Phishtank is a collaborative clearing house for data and information about phishing on the Internet. Also, PhishTank provides an open API for developers and researchers to integrate anti-phishing data into their applications at no charge.
This document provides information about the PhishTank connector, which facilitates automated interactions with PhishTank using FortiSOAR™ playbooks. Add the PhishTank connector as a step in FortiSOAR™ playbooks and perform automated operations, such as checking the reputation for the specified URL.
Connector Version: 1.0.0
FortiSOAR™ Version Tested on: 4.11.0-1161
Authored By: Fortinet
Certified: Yes
All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum
command to install connectors:
yum install cyops-connector-phishtank
For the detailed procedure to install a connector, click here.
For the procedure to configure a connector, click here.
In FortiSOAR™, on the Connectors page, click the PhishTank connector row, and in the Configuration tab enter the required configuration details.
Parameter | Description |
---|---|
API Token | (Optional) API token that is configured for your account to access PhishTank. |
Server URL | URL of the PhishTank server to which you will connect and perform the automated operations. |
The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:
Function | Description | Annotation and Category |
---|---|---|
URL Reputation | Retrieves the reputation of the URL that you have specified from the PhishTank database | url_reputation Investigation |
Parameter | Description |
---|---|
URL | URL whose reputation you want lookup on PhishTank. |
The JSON output returns a Success
message if the URL that you have specified is successfully sent to the list of phishing sites on Phishtank and a True
attribute (if the specified site is a phishing site) or a False
attribute (if the specified site is not a phishing site) in the Valid
parameter based on whether the site is a phishing site.
The output contains a non-dictionary value
The Sample - PhishTank - 1.0.0
playbook collection comes bundled with the PhishTank connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the PhishTank connector.
URL Reputation
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.