Phishing Initiative provides users with an API that gives any user the ability to fight against phishing attacks.
This document provides information about the Phishing Initiative connector, which facilitates automated interactions with Phishing Initiative using FortiSOAR™ playbooks. Add the Phishing Initiative connector as a step in FortiSOAR™ playbooks and perform automated operations, such as retrieving the reputation of a URL that you have specified.
Connector Version: 2.0.0
FortiSOAR™ Version Tested on: 5.1.1-69
Authored By: Fortinet
Certified: Yes
Following enhancements have been made to the Phishing Initiative Connector in version 2.0.0:
From FortiSOAR™ 5.0.0 onwards, use the Connector Store to install the connector. For the detailed procedure to install a connector, click here.
You can also use the yum command to install connectors. Connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™repository and run the yum command as a root user to install connectors:
yum install cyops-connector-phishing-initiative
For the procedure to configure a connector, click here.
In FortiSOAR™, on the Connectors page, click the Phishing Initiative connector row (if you are in the Grid view on the Connectors page) and in the Configurations tab enter the required configuration details:
Parameter | Description |
---|---|
Server URL | Server address of Phishing Initiative site to which you will connect and perform automated operations. |
API Key | API key to access Phishing Initiative account to which you will connect and perform automated operations. |
Verify SSL | Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set as True. |
The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 and onwards:
Function | Description | Annotation and Category |
---|---|---|
Get URL Reputation | Retrieves the reputation information of the URL you have specified URL from Phishing Initiative. | url_reputation Investigation |
Parameter | Description |
---|---|
URL | URL for which you want to retrieve reputation information. |
The output contains the following populated JSON schema:
{
"tag_label": "",
"tag": "",
"url": ""
}
The Sample - Phishing Initiative - 2.0.0
playbook collection comes bundled with the Phishing Initiative connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Phishing Initiative connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.
Phishing Initiative provides users with an API that gives any user the ability to fight against phishing attacks.
This document provides information about the Phishing Initiative connector, which facilitates automated interactions with Phishing Initiative using FortiSOAR™ playbooks. Add the Phishing Initiative connector as a step in FortiSOAR™ playbooks and perform automated operations, such as retrieving the reputation of a URL that you have specified.
Connector Version: 2.0.0
FortiSOAR™ Version Tested on: 5.1.1-69
Authored By: Fortinet
Certified: Yes
Following enhancements have been made to the Phishing Initiative Connector in version 2.0.0:
From FortiSOAR™ 5.0.0 onwards, use the Connector Store to install the connector. For the detailed procedure to install a connector, click here.
You can also use the yum command to install connectors. Connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™repository and run the yum command as a root user to install connectors:
yum install cyops-connector-phishing-initiative
For the procedure to configure a connector, click here.
In FortiSOAR™, on the Connectors page, click the Phishing Initiative connector row (if you are in the Grid view on the Connectors page) and in the Configurations tab enter the required configuration details:
Parameter | Description |
---|---|
Server URL | Server address of Phishing Initiative site to which you will connect and perform automated operations. |
API Key | API key to access Phishing Initiative account to which you will connect and perform automated operations. |
Verify SSL | Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set as True. |
The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 and onwards:
Function | Description | Annotation and Category |
---|---|---|
Get URL Reputation | Retrieves the reputation information of the URL you have specified URL from Phishing Initiative. | url_reputation Investigation |
Parameter | Description |
---|---|
URL | URL for which you want to retrieve reputation information. |
The output contains the following populated JSON schema:
{
"tag_label": "",
"tag": "",
"url": ""
}
The Sample - Phishing Initiative - 2.0.0
playbook collection comes bundled with the Phishing Initiative connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Phishing Initiative connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.