Skip to main content

Agari Phishing Defense

Download With Dependencies

Use the Agari Phishing Defense integration to retrieve Policy Events as Incidents, retrieve messages and remediate suspected messages.

Agari Phishing Defense (APD) stops phishing, BEC, and other identity deception attacks that trick employees into harming your business. APD prevents threats from reaching employee inboxes by scoring every message flowing into and within the organization to defend against these low-volume, highly-targeted identity deception-based attacks.

This Agari Phishing Defense content pack contains an APD integration that provides customers with a granular level of visibility into email threats and the ability to orchestrate protection processes and safeguard infrastructure from within Cortex XSOAR. The Agari Phishing Defense playbook enables gathering policy events and associated messages from APD, enriching data using Cortex XSOAR built-in sub-playbooks, and performing remediation.

What does this pack do?
  • The playbooks included in this pack help you by providing a consolidated view of all security incidents that saves time and keeps your email security in check.
  • Imports policy events and corresponding message metadata from Agari Phishing Defense.
  • Does email enrichment (IP, domain, URL, attachment, email address, etc.)
  • Does email authenticity check
  • Does remediation if malicious

_For more information, visit (




Cortex XSOARCortex XSIAM


CertificationRead more
Supported ByPartner
CreatedJanuary 21, 2021
Last ReleaseFebruary 1, 2023

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.