Phishing URL | Marketplace

Details
Content
Dependencies
Version History

Phishing URL is a project with the goal of detecting phishing URLs using machine learning

Phishing URLs are one of the most frequent, easily executable, and harmful security attacks that organizations – regardless of size – face today. High-volume, persistent phishing alerts are a time sink to manage, with incident response requiring coordination between multiple security products and communications with end users.
This pack aims to detect URL phishing attacks automatically using machine learning techniques. The model ingests a large volume of infomation such as a screenshot of the webpage, HTML of the webpage, and WHOIS data, and returns an explainable verdict.

What does this pack do?

Loads a pretrained model that aims to detect URL phishing attacks.
Enriches the logo detection engine by adding new logos.

Name	Description
DBotPredictURLPhishing	Predict phishing URLs using a pre-trained model.

Required Content Packs (4)

Pack Name	Pack By
Base	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR
Whois	By: Cortex XSOAR
Rasterize	By: Cortex XSOAR

Optional Content Packs (2)

Pack Name	Pack By
DomainTools Enterprise	By: DomainTools
JsonWhoIs	By: Cortex XSOAR

All level dependencies (5)

Pack Name	Pack By
Rasterize	By: Cortex XSOAR
Whois	By: Cortex XSOAR
Base	By: Cortex XSOAR
Cortex REST API	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR

1.1.21 - 1609112 (November 7, 2024)

Scripts

DBotPredictURLPhishing

Fixed an issue where the DBotScore output was invalid.

Related pull requests:
- 37110

Download

1.1.20 - 1602991 (November 6, 2024)

Scripts

DBotPredictURLPhishing

Removed the URLs that start with mailto: from the urls argument.
Updated the Docker image to: demisto/mlurlphishing:1.0.0.115323.

Related pull requests:
- 37080

Download

1.1.19 - R1320807 (August 28, 2024)

Scripts

DBotPredictURLPhishing

Fixed an issue in which the response from the rasterize command for mailto URLs would not be parsed correctly and cause an error.

Related pull requests:
- 35849

Download

1.1.18 - 1231970 (August 1, 2024)

Scripts

DBotPredictURLPhishing

Added the new argument defaultRequestProtocol (default value http). This will be the default protocol used for URLs supplied with no explicit schema. This argument affects the http requests sent by this script, it has no effect to scripts called through executeCommand (rasterize, whois).

Related pull requests:
- 35690

Download

1.1.17 - 1191003 (July 18, 2024)

Scripts

DBotPredictURLPhishing

Fixed an issue in which an error was raised when the rasterize command returned multiple responses for a single URL.

Related pull requests:
- 35163

Download

1.1.16 - 1175817 (July 14, 2024)

Scripts

DBotPredictURLPhishing

Updated the Docker image to: demisto/mlurlphishing:1.0.0.103417.

Related pull requests:
- 35272

Download

1.1.15 - 1116022 (June 24, 2024)

Scripts

DBotPredictURLPhishing

Updated the Docker image to: demisto/mlurlphishing:1.0.0.97649.

Related pull requests:
- 35026

Download

1.1.14 - 1038463 (May 23, 2024)

Scripts

DBotPredictURLPhishing

Fixed an issue in which an error was raised when the rasterize command failed.
Updated the Docker image to: demisto/mlurlphishing:1.0.0.90588.

Related pull requests:
- 34439

Download

1.1.13 - 970211 (April 21, 2024)

Scripts

DBotPredictURLPhishing

Fixed an issue in which an error was raised when more than one URL failed to be rasterized.

Related pull requests:
- 34060

Download

1.1.12 - 962639 (April 17, 2024)

Scripts

DBotPredictURLPhishing

Improved implementation for increased performance and code quality.
Updated the Docker image to: demisto/mlurlphishing:1.0.0.88055.

Related pull requests:
- 31903

Download

1.1.11 - 865088 (March 3, 2024)

Scripts

DBotPredictURLPhishing

Updated the Docker image to: demisto/mlurlphishing:1.0.0.88055.

Related pull requests:
- 33167

Download

1.1.10 - 829761 (February 15, 2024)

Scripts

DBotPredictURLPhishing

Updated the Docker image to: demisto/mlurlphishing:1.0.0.29930.

Related pull requests:
- 32944

Download

1.1.9 - 827009 (February 14, 2024)

Scripts

DBotPredictURLPhishing

Updated the Docker image to: demisto/mlurlphishing:1.0.0.85127.

Related pull requests:
- 32916

Download

1.1.8 - R775948 (January 21, 2024)

Scripts

DBotPredictURLPhishing

Updated the Docker image to: demisto/mlurlphishing:1.0.0.29930.

Related pull requests:
- 32267

Download

1.1.7 - 762016 (January 14, 2024)

Scripts

DBotPredictURLPhishing

Updated the Docker image to: demisto/mlurlphishing:1.0.0.85026.

Related pull requests:
- 32197

Download

1.1.6 - 6899385 (November 15, 2023)

Scripts

DBotPredictURLPhishing

Updated the Docker image to: demisto/mlurlphishing:1.0.0.29930.

Related pull requests:
- 30903

Download

1.1.5 - 6721193 (October 27, 2023)

Scripts

DBotPredictURLPhishing

Updated the Docker image to: demisto/mlurlphishing:1.0.0.78788.

Related pull requests:
- 30454

Download

1.1.4 - R6704012 (October 25, 2023)

Scripts

DBotPredictURLPhishing

Added the rasterize_timeout argument.

Related pull requests:
- 29165

Download

1.1.3 - 5698017 (July 6, 2023)

Scripts

DBotPredictURLPhishing

Updated the error message in case Rasterize's response is incomplete (e.g., no image data).

Related pull requests:
- 27919

Download

1.1.2 - R5692327 (July 5, 2023)

Scripts

DBotPredictURLPhishing

Fixed an issue where the script would fail in cases where no result was returned from WhoIs integration.

Related pull requests:
- 27563

Download

1.1.1 - 5460239 (June 6, 2023)

PhishingURL

Removed the pack from XSIAM, which does not yet support getMLModel.

Related pull requests:
- 26967

Download

1.1.0 - 5316435 (May 21, 2023)

Scripts

DBotPredictURLPhishing

Added an optional 'reliability' argument to indicate the reliability of the source providing the intelligence data.

Related pull requests:
- 26279

Download

1.0.7 - R5170573 (May 2, 2023)

Scripts

DBotPredictURLPhishing

Fixed an issue where the script failed when providing an emailBody argument containing a URL to a webpage that cannot be found (404).

Related pull requests:
- 25104

Download

PUBLISHER

PLATFORMS

Cortex XSOAR

INFO

Certification	Certified	Read more
Supported By	Cortex
Created	January 6, 2022
Last Release	November 7, 2024

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.