Cyware Orchestrate

PhishER

App Vendor: KnowBe4

App Category: Email Gateway

Connector Version: 1.0.0

API Version: 1.0.0

About App

PhishER is a lightweight Security Orchestration, Automation, and Response (SOAR) platform that helps orchestrate your threat response and manage the high volume of potentially malicious email messages reported by your users. With automatic prioritization of emails, PhishER helps your InfoSec and security operations team cut through the inbox noise and respond to the most dangerous threats quickly. Additionally, PhishER enables you to automate the workstream of 90% of reported emails that are not threats.

The PhishER app built for the Orchestrate application helps security teams to perform email security actions on the PhishER application and enable security orchestration workflows. You can execute the following actions using the app.

| Action Name | Description |
| --- | --- |
| Update Message with ID | This action updates messages using the message ID. |
| Add Comment on Message | This action adds comments to a PhishER message. |
| Get Message by ID | This action retrieves a PhishER message using the message ID. |
| Get Messages | This action retrieves paginated messages based on the specified Lucene query. |

Configuration Parameters

The following configuration parameters are required for the PhishER App to communicate with the PhishER application. The parameters can be configured by creating instances in the app.

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| API Key | Enter the API key to access your PhishER application. | Text | Required | |
| Base URL | Enter the base URL for your PhishER application. Example: "https://training.knowbe4.com/graphql" | Text | Required | |

Update Message with ID

This action updates messages using the message ID.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| PhishER Message ID | Specify the unique ID for the message. Example: "712ab3cd-45e6-7f08-91gh-i23jk456l78m" Note: You can retrieve the message ID using the "Get Messages" action. | Text | Required | |
| Category | Specify the category for the message. Example: "UNKNOWN" | Text | Required | Allowed values: UNKNOWN, CLEAN, SPAM, THREAT |
| Status | Specify the status of the message. Example: "RECEIVED" | Text | Required | Allowed values: RECEIVED, IN_REVIEW, RESOLVED |
| Severity | Specify the severity of the message. Example: "UNKNOWN_SEVERITY" | Text | Required | Allowed values: UNKNOWN_SEVERITY, LOW, MEDIUM, HIGH, CRITICAL |

Example Input
[
    {
        "id": "739eb2da-84d5-4c01-86af-e92af960f27f",
        "status": "RECEIVED",
        "category": "UNKNOWN",
        "severity": "LOW"
    }
]
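
As an added example (not part of the PhishER app or Cyware's documentation), the Python function below checks an Update Message with ID input against the required fields and allowed values listed above before a playbook submits it. The names validate_update_input, ALLOWED, REQUIRED and SAMPLE, the case-sensitive matching, and the constructed sample entries are assumptions.

```python
# Added example: pre-flight validation for "Update Message with ID" input.
# Allowed values are copied from the parameter table on this page.
ALLOWED = {
    "category": {"UNKNOWN", "CLEAN", "SPAM", "THREAT"},
    "status": {"RECEIVED", "IN_REVIEW", "RESOLVED"},
    "severity": {"UNKNOWN_SEVERITY", "LOW", "MEDIUM", "HIGH", "CRITICAL"},
}
REQUIRED = ("id", "category", "status", "severity")


def validate_update_input(items):
    """Return a list of (index, problem) tuples; an empty list means valid."""
    if not isinstance(items, list) or not items:
        return [(None, "input must be a non-empty list of objects")]
    problems = []
    for i, item in enumerate(items):
        if not isinstance(item, dict):
            problems.append((i, "entry is not an object"))
            continue
        for field in REQUIRED:
            value = item.get(field)
            if not isinstance(value, str) or not value.strip():
                problems.append((i, f"missing required field '{field}'"))
            elif field in ALLOWED and value not in ALLOWED[field]:
                # Assumption: values are matched case-sensitively, as listed.
                hint = ""
                if value.strip().upper() in ALLOWED[field]:
                    hint = f" (did you mean '{value.strip().upper()}'?)"
                problems.append(
                    (i, f"'{field}' value '{value}' is not allowed{hint}"))
    return problems


# Constructed sample input: the first entry mirrors the page's Example Input,
# the second has a lowercase category and no severity.
SAMPLE = [
    {"id": "739eb2da-84d5-4c01-86af-e92af960f27f", "status": "RECEIVED",
     "category": "UNKNOWN", "severity": "LOW"},
    {"id": "739eb2da-84d5-4c01-86af-e92af960f27f", "status": "RESOLVED",
     "category": "threat"},
]

if __name__ == "__main__":
    for index, problem in validate_update_input(SAMPLE):
        print(f"entry {index}: {problem}")
```
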
Add Comment on Message

This action adds comments to a PhishER message.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| PhishER Message ID | Specify the unique ID for the message. Example: "712ab3cd-45e6-7f08-91gh-i23jk456l78m" Note: You can retrieve the message ID using the "Get Messages" action. | Text | Required | |
| Comment | Enter the comment you wish to add to the message. Example: "Example Comment" | Text | Required | |

Example Input
[
    {
        "id": "739eb2da-84d5-4c01-86af-e92af960f27f",
        "comment": "Example Comment"
    }
]

Get Message by ID

This action retrieves a PhishER message using the message ID.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| PhishER Message ID | Specify the unique ID for the message. Example: "712ab3cd-45e6-7f08-91gh-i23jk456l78m" Note: You can retrieve the message ID using the "Get Messages" action. | Text | Required | |

Example Input
[
    {
        "id": "739eb2da-84d5-4c01-86af-e92af960f27f"
    }
]

Get Messages

This action retrieves paginated messages based on the specified Lucene query.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| Query | Specify the Lucene query to search against. Example: "Message containing Indicators" | Any | Optional | |
| Request all items | Specify if you want to request all items in a single request. Example: "true" | Boolean | Optional | Allowed values: true, false. Default value: false |
| Page | Specify the page number to get the results. Example: "3" | Integer | Optional | |
| Items per page | Specify the number of items to retrieve in a page. Example: "8" | Integer | Optional | |

Example Input
[
    {
        "Queryid": "Message Containing Indicators",
        "request_all_items": "true",
        "page": "4",
        "items_per_page": "8"
    }
]