PhishER
App Vendor: KnowBe4
App Category: Email Gateway
Connector Version: 1.1.0
API Version: 1.0.0
About App
PhishER is a lightweight Security Orchestration, Automation, and Response (SOAR) platform that helps orchestrate your threat response and manage the high volume of potentially malicious email messages reported by your users. With automatic prioritization of emails, PhishER helps your InfoSec and security operations team cut through the inbox noise and respond to the most dangerous threats quickly. Additionally, PhishER enables you to automate the workstream of 90% of reported emails that are not threats.
The PhishER app built for the Orchestrate application helps security teams to perform email security actions on the PhishER application and enable security orchestration workflows. You can execute the following actions using the app.
Action Name | Description |
---|---|
Update Message with ID | This action updates messages using the message ID. |
Add Comment on Message | This action adds comments to a PhishER message. |
Get Message by ID | This action retrieves a PhishER message using the message ID. |
Get Messages | This action retrieves paginated messages based on the specified Lucene query. |
Configuration Parameters
The following configuration parameters are required for the PhishER App to communicate with the PhishER application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
API Key | Enter the API key to access your PhishER application. Example: XXXXXXXXUzUxMiJ9.eyJzaXRlIjoidHJhaW5 pbmcua25vd2JlNC5jb20iLCJ1dWlkIjoiNW QyODQ4MDMtOTg1Yy00NDI0LWE3OGQ tM2UxNzZmY2FlYzUxIiwic2NvcGVzIjpbIn BoaXNoZXIiXX0.ACq1kHuevA07Xdiy3Dbk hwlbAgPfV_OGd93Q_8Adk7RoEU0izOTXx FYj8m263rXtDaixCVRUYunSYxBZ9KLxA | Text | Required | |
Base URL | Enter the base URL for your PhishER application. Example: https://training.knowbe4.com/graphql | Text | Required | |
Timeout | Enter the timeout value in seconds. This is the number of seconds that requests will wait to establish a connection with PhishER. | Integer | Optional | Allowed range: 15-120 Default value: 15 |
Verify | Choose your preference to verify SSL or TLS while making requests. It is recommended to set this option to yes. Passing no may result in incorrectly establishing the connection. | Boolean | Optional | By default, verification is enabled. |
Update Message with ID
This action updates messages using the message ID.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
PhishER Message ID | Specify the unique ID for the message. Example: "712ab3cd-45e6-7f08-91gh-i23jk456l78m" Note: You can retrieve message ID using the "Get Messages" action. | Text | Required | |
Category | Specify the category for the message. Example: "UNKNOWN" | Text | Required | Allowed values:
|
Status | Specify the status of the message. Example: "RECEIVED" | Text | Required | Allowed values:
|
Severity | Specify the severity of the message. Example: "UNKNOWN_SEVERITY" | Text | Required | Allowed values:
|
Example Input
[ { "id": "739eb2da-84d5-4c01-86af-e92af960f27f", "status": "RECEIVED", "category": "UNKNOWN", "severity": "LOW" } ]
Add Comment on Message
This action adds comments to a PhishER message.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
PhishER Message ID | Specify the unique ID for the message. Example: "712ab3cd-45e6-7f08-91gh-i23jk456l78m" Note: You can retrieve message ID using the "Get Messages" action. | Text | Required | |
Comment | Enter the comment you wish to add to the message. Example: "Example Comment" | Text | Required |
Example Input
[ { "id": "739eb2da-84d5-4c01-86af-e92af960f27f", "comment": "Example Comment" } ]
Get Message by ID
This action retrieves a PhishER message using the message ID.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
PhishER Message ID | Specify the unique ID for the message. Example: "712ab3cd-45e6-7f08-91gh-i23jk456l78m" Note: You can retrieve message ID using the "Get Messages" action. | Text | Required |
Example Input
[ { "id": "739eb2da-84d5-4c01-86af-e92af960f27f" } ]
Get Messages
This action retrieves paginated messages based on the specified Lucene query.
Action Input Parameters
Parameters | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Query | Specify the lucene query to search against. Example: "Message containing Indicators" | Any | Optional | |
Request all items | Specify if you want to request all items in a single request. Example: "true" | Boolean | Optional | Allowed values:
Default value:
|
Page | Specify the page number to get the results. Example: "3" | Integer | Optional | |
Items per page | Specify the number of items to retrieve in a page. Example: "8" | Integer | Optional |
Example Input
[ { "Queryid": "Message Containing Indicators", "request_all_items": "true", "page": "4", "items_per_page": "8" } ]