About the connector

PhishTank is a collaborative clearing house for data and information about phishing on the Internet. PhishTank also provides an open API that developers and researchers can use to integrate anti-phishing data into their applications at no charge.

This document provides information about the PhishTank connector, which facilitates automated interactions with PhishTank using FortiSOAR™ playbooks. Add the PhishTank connector as a step in FortiSOAR™ playbooks and perform automated operations, such as checking the reputation for the specified URL.

Version information

Connector Version: 1.0.0

FortiSOAR™ Version Tested on: 4.11.0-1161

Authored By: Fortinet

Certified: Yes

Installing the connector

All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum command to install connectors:

yum install cyops-connector-phishtank

For the detailed procedure to install a connector, click here.

Prerequisites to configuring the connector

  • You must have the URL of the PhishTank server to which you will connect and perform automated operations.
  • To access the FortiSOAR™ UI, ensure that port 443 is open through the firewall for the FortiSOAR™ instance.

Configuring the connector

For the procedure to configure a connector, click here.

Configuration parameters

In FortiSOAR™, on the Connectors page, click the PhishTank connector row, and in the Configuration tab enter the required configuration details.

| Parameter | Description |
|---|---|
| API Token | (Optional) API token that is configured for your account to access PhishTank. |
| Server URL | URL of the PhishTank server to which you will connect and perform the automated operations. |

Actions supported by the connector

The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:

| Function | Description | Annotation and Category |
|---|---|---|
| URL Reputation | Retrieves the reputation of the URL that you have specified from the PhishTank database. | url_reputation<br>Investigation |

operation: URL Reputation

Input parameters

| Parameter | Description |
|---|---|
| URL | URL whose reputation you want to look up on PhishTank. |

Output

The JSON output returns a Success message if the URL that you have specified is successfully sent to the list of phishing sites on PhishTank. The Valid parameter contains a True attribute if the specified site is a phishing site, or a False attribute if the specified site is not a phishing site.

The output contains a non-dictionary value
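The following is an added example, not part of the connector or of Fortinet's documentation: a small Python helper that a playbook code step could use to turn the URL Reputation output into a verdict without treating a failed or empty lookup as "not phishing". The key names `meta.status` and `results.valid`, the helper names, and the sample results are assumptions constructed for illustration; adjust them to the output your step actually returns.

```python
import json

TRUE_FORMS = {"true", "yes", "1"}
FALSE_FORMS = {"false", "no", "0"}


def as_bool(value):
    """Normalize True/False given as a bool or a string; None if unclear."""
    if isinstance(value, bool):
        return value
    text = str(value).strip().lower()
    if text in TRUE_FORMS:
        return True
    if text in FALSE_FORMS:
        return False
    return None


def section(obj, key):
    """Return obj[key] if it is a dict, else an empty dict."""
    value = obj.get(key)
    return value if isinstance(value, dict) else {}


def triage(result):
    """Map a lookup result to 'phishing', 'not_phishing', 'unknown' or 'error'."""
    if isinstance(result, str):          # output delivered as JSON text
        try:
            result = json.loads(result)
        except ValueError:
            return "error"
    if not isinstance(result, dict):
        return "error"
    # Assumed key names: meta.status and results.valid (adjust to your output).
    if str(section(result, "meta").get("status", "")).lower() != "success":
        return "error"                   # never read Valid from a failed lookup
    valid = as_bool(section(result, "results").get("valid"))
    if valid is None:
        return "unknown"                 # Valid missing: no verdict, not "clean"
    return "phishing" if valid else "not_phishing"


# Constructed sample results, not real PhishTank data.
HIT = {"meta": {"status": "success"}, "results": {"valid": True}}
MISS = '{"meta": {"status": "Success"}, "results": {"valid": "False"}}'
NO_VERDICT = {"meta": {"status": "success"}, "results": {}}
FAILED = {"meta": {"status": "error"}, "results": {"valid": True}}
```

Routing the "unknown" and "error" verdicts to manual review keeps a lookup failure from closing an alert as benign.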

Included playbooks

The Sample - PhishTank - 1.0.0 playbook collection comes bundled with the PhishTank connector. The playbooks in this collection contain steps that you can use to perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the PhishTank connector.

  • URL Reputation

Note: If you plan to use any of the sample playbooks in your environment, clone those playbooks and move them to a different collection, because the sample playbook collection is deleted when the connector is upgraded or deleted.
