Fortinet Document Library

Table of Contents

Phishing Initiative

2.0.0
Copy Link

About the connector

Phishing Initiative provides users with an API that gives any user the ability to fight against phishing attacks.

This document provides information about the Phishing Initiative connector, which facilitates automated interactions with Phishing Initiative using FortiSOAR™ playbooks. Add the Phishing Initiative connector as a step in FortiSOAR™ playbooks and perform automated operations, such as retrieving the reputation of a URL that you have specified.

Version information

Connector Version: 2.0.0

FortiSOAR™ Version Tested on: 5.1.1-69

Authored By: Fortinet

Certified: Yes

Release Notes for version 2.0.0

Following enhancements have been made to the Phishing Initiative Connector in version 2.0.0:

  • Certified the Phishing Initiative connector.

Installing the connector

From FortiSOAR™ 5.0.0 onwards, use the Connector Store to install the connector. For the detailed procedure to install a connector, click here.
You can also use the yum command to install connectors. Connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™repository and run the yum command as a root user to install connectors:

yum install cyops-connector-phishing-initiative

Prerequisites to configuring the connector

  • You must have the server address of the Phishing Initiative site to which you will connect and perform automated operations and API Key to access your Phishing Initiative account.
  • To access the FortiSOAR™ UI, ensure that port 443 is open through the firewall for the FortiSOAR™ instance.

Configuring the connector

For the procedure to configure a connector, click here.

Configuration parameters

In FortiSOAR™, on the Connectors page, click the Phishing Initiative connector row (if you are in the Grid view on the Connectors page) and in the Configurations tab enter the required configuration details:

Parameter Description
Server URL Server address of Phishing Initiative site to which you will connect and perform automated operations.
API Key API key to access Phishing Initiative account to which you will connect and perform automated operations. 
Verify SSL Specifies whether the SSL certificate for the server is to be verified or not.
By default, this option is set as True.

Actions supported by the connector

The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 and onwards:

Function Description Annotation and Category
Get URL Reputation Retrieves the reputation information of the URL you have specified URL from Phishing Initiative. url_reputation
Investigation

operation: Get URL Reputation

Input parameters

Parameter Description
URL URL for which you want to retrieve reputation information.

Output

The output contains the following populated JSON schema:
{
     "tag_label": "",
     "tag": "",
     "url": ""
}

Included playbooks

The Sample - Phishing Initiative - 2.0.0 playbook collection comes bundled with the Phishing Initiative connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Phishing Initiative connector.

  • Get URL Reputation

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.

About the connector

Phishing Initiative provides users with an API that gives any user the ability to fight against phishing attacks.

This document provides information about the Phishing Initiative connector, which facilitates automated interactions with Phishing Initiative using FortiSOAR™ playbooks. Add the Phishing Initiative connector as a step in FortiSOAR™ playbooks and perform automated operations, such as retrieving the reputation of a URL that you have specified.

Version information

Connector Version: 2.0.0

FortiSOAR™ Version Tested on: 5.1.1-69

Authored By: Fortinet

Certified: Yes

Release Notes for version 2.0.0

Following enhancements have been made to the Phishing Initiative Connector in version 2.0.0:

Installing the connector

From FortiSOAR™ 5.0.0 onwards, use the Connector Store to install the connector. For the detailed procedure to install a connector, click here.
You can also use the yum command to install connectors. Connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™repository and run the yum command as a root user to install connectors:

yum install cyops-connector-phishing-initiative

Prerequisites to configuring the connector

Configuring the connector

For the procedure to configure a connector, click here.

Configuration parameters

In FortiSOAR™, on the Connectors page, click the Phishing Initiative connector row (if you are in the Grid view on the Connectors page) and in the Configurations tab enter the required configuration details:

Parameter Description
Server URL Server address of Phishing Initiative site to which you will connect and perform automated operations.
API Key API key to access Phishing Initiative account to which you will connect and perform automated operations. 
Verify SSL Specifies whether the SSL certificate for the server is to be verified or not.
By default, this option is set as True.

Actions supported by the connector

The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 and onwards:

Function Description Annotation and Category
Get URL Reputation Retrieves the reputation information of the URL you have specified URL from Phishing Initiative. url_reputation
Investigation

operation: Get URL Reputation

Input parameters

Parameter Description
URL URL for which you want to retrieve reputation information.

Output

The output contains the following populated JSON schema:
{
     "tag_label": "",
     "tag": "",
     "url": ""
}

Included playbooks

The Sample - Phishing Initiative - 2.0.0 playbook collection comes bundled with the Phishing Initiative connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Phishing Initiative connector.

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.