PhishTank
Version: 3.1.1
Analyze suspicious files and URLs to detect types of malware including viruses, worms, and trojans.
Connect PhishTank with LogicHub
- Navigate to Automations > Integrations.
- Search for PhishTank.
- Click Details, then the + icon. Enter the required information in the following fields.
- Label: Enter a connection name.
- Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com where, hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
- Verify SSL: Select option to verify connecting server's SSL certificate (Default is Verify SSL Certificate).
- Remote Agent: Run this integration using the LogicHub Remote Agent.
- API Key: The API key to connect to the PhishTank.
- After you've entered all the details, click Connect.
Actions for PhishTank
URL Scan (Deprecated)
Submits a URL to PhishTank for lookup against their Phishing database. Based off of the results, automate how Incident Response is handled.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| URL | Column name from parent table to lookup value for URL. | Required |
Output
A JSON object containing multiple rows of result:
- has_error: True/False
- error: message/null
{
"has_error": true,
"error": "Error in processing column: 'results'"
}
URL scan
Submits a URL to PhishTank for lookup against their Phishing database. Based off of the results, automate how Incident Response is handled.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| URL | Jinja-templated text containing the lookup value for URL | Required |
Output
JSON containing the following items:
{
"has_error":false,
"meta":{
"status":"success",
"timestamp":"2023-05-30T10:58:13+00:00",
"serverid":"e5f3test",
"requestid":"172.15.126.121.6475d6c588f027.62782908"
},
"results":{
"verified":false,
"phish_detail_page":"http://www.phishtank.com/phish_detail.php?phish_id=8112312",
"url":"https://www.przelewy24.pl/",
"verified_at":null,
"phish_id":"8112312",
"valid":false,
"in_database":true
},
"error":null
}
Release Notes
v3.1.1- Deprecated oldURL Scanaction and added new one with more detailed output.v3.0.0- Updated architecture to support IO via filesystemv2.0.6- Added documentation link in the automation library.
Updated 6 months ago