Skip to main content

Cyware Orchestrate

PhishER

App Vendor: KnowBe4

App Category: Email Gateway

Connector Version: 1.1.0

API Version: 1.0.0

About App

PhishER is a lightweight Security Orchestration, Automation, and Response (SOAR) platform that helps orchestrate your threat response and manage the high volume of potentially malicious email messages reported by your users. With automatic prioritization of emails, PhishER helps your InfoSec and security operations team cut through the inbox noise and respond to the most dangerous threats quickly. Additionally, PhishER enables you to automate the workstream of 90% of reported emails that are not threats.

The PhishER app built for the Orchestrate application helps security teams to perform email security actions on the PhishER application and enable security orchestration workflows. You can execute the following actions using the app.

Action Name

Description

Update Message with ID

This action updates messages using the message ID.

Add Comment on Message

This action adds comments to a PhishER message.

Get Message by ID

This action retrieves a PhishER message using the message ID.

Get Messages

This action retrieves paginated messages based on the specified Lucene query.

Configuration Parameters

The following configuration parameters are required for the PhishER App to communicate with the PhishER application. The parameters can be configured by creating instances in the app.

Parameter

Description

Field Type

Required/Optional

Comments

API Key

Enter the API key to access your PhishER application.

Example:

XXXXXXXXUzUxMiJ9.eyJzaXRlIjoidHJhaW5

pbmcua25vd2JlNC5jb20iLCJ1dWlkIjoiNW

QyODQ4MDMtOTg1Yy00NDI0LWE3OGQ

tM2UxNzZmY2FlYzUxIiwic2NvcGVzIjpbIn

BoaXNoZXIiXX0.ACq1kHuevA07Xdiy3Dbk

hwlbAgPfV_OGd93Q_8Adk7RoEU0izOTXx

FYj8m263rXtDaixCVRUYunSYxBZ9KLxA

Text

Required

Base URL

Enter the base URL for your PhishER application.

Example:

https://training.knowbe4.com/graphql

Text

Required

Timeout

Enter the timeout value in seconds. This is the number of seconds that requests will wait to establish a connection with PhishER.

Integer

Optional

Allowed range:

15-120

Default value:

15

Verify

Choose your preference to verify SSL or TLS while making requests. It is recommended to set this option to yes. Passing no may result in incorrectly establishing the connection.

Boolean

Optional

By default, verification is enabled.

Update Message with ID

This action updates messages using the message ID.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

PhishER Message ID

Specify the unique ID for the message.

Example:

"712ab3cd-45e6-7f08-91gh-i23jk456l78m"

Note: You can retrieve message ID using the "Get Messages" action.

Text

Required

Category

Specify the category for the message.

Example:

"UNKNOWN"

Text

Required

Allowed values:

  • UNKNOWN

  • CLEAN

  • SPAM

  • THREAT

Status

Specify the status of the message.

Example:

"RECEIVED"

Text

Required

Allowed values:

  • RECEIVED

  • IN_REVIEW

  • RESOLVED

Severity

Specify the severity of the message.

Example:

"UNKNOWN_SEVERITY"

Text

Required

Allowed values:

  • UNKNOWN_SEVERITY

  • LOW

  • MEDIUM

  • HIGH

  • CRITICAL

Example Input
[
    {
        "id": "739eb2da-84d5-4c01-86af-e92af960f27f",
        "status": "RECEIVED",
        "category": "UNKNOWN",
        "severity": "LOW"
    }
]
Add Comment on Message

This action adds comments to a PhishER message.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

PhishER Message ID

Specify the unique ID for the message.

Example:

"712ab3cd-45e6-7f08-91gh-i23jk456l78m"

Note: You can retrieve message ID using the "Get Messages" action.

Text

Required

Comment

Enter the comment you wish to add to the message.

Example:

"Example Comment"

Text

Required

Example Input
[
    {
        "id": "739eb2da-84d5-4c01-86af-e92af960f27f",
        "comment": "Example Comment"
    }
]
Get Message by ID

This action retrieves a PhishER message using the message ID.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

PhishER Message ID

Specify the unique ID for the message.

Example:

"712ab3cd-45e6-7f08-91gh-i23jk456l78m"

Note: You can retrieve message ID using the "Get Messages" action.

Text

Required

Example Input
[
    {
        "id": "739eb2da-84d5-4c01-86af-e92af960f27f"
    }
]
Get Messages

This action retrieves paginated messages based on the specified Lucene query.

Action Input Parameters

Parameters

Description

Field Type

Required/Optional

Comments

Query

Specify the lucene query to search against.

Example:

"Message containing Indicators"

Any

Optional

Request all items

Specify if you want to request all items in a single request.

Example:

"true"

Boolean

Optional

Allowed values:

  • true

  • false

Default value:

  • false

Page

Specify the page number to get the results.

Example:

"3"

Integer

Optional

Items per page

Specify the number of items to retrieve in a page.

Example:

"8"

Integer

Optional

Example Input
[
    {
        "Queryid": "Message Containing Indicators",
        "request_all_items": "true",
        "page": "4",
        "items_per_page": "8"
    }
]