In this article, you can learn how to integrate Cortex's XSOAR platform with the PhishER platform. Once you set up this integration, you'll be able to send your PhishER events to XSOAR and do mutations. For example, you can use commands to send PhishER messages and update the message status. Then, you can use this data for your automation and playbooks in XSOAR.
To learn about the benefits of this integration, see our Cortex XSOAR and KnowBe4 document.
Configuring the Integration
To configure the integration, follow the steps below:
- Log in to your XSOAR account.
- Navigate to Settings > Integrations > Servers & Services.
- Search for PhishER.
- Click Add instance to create and configure a new integration instance.
- Fill out the parameters with information about your PhishER platform. For more information, see the table below:
Parameter Description Required Your server URL True API Key True First Fetch Time First fetch timestamp (<number> <time unit>, e.g., 12 hours, 7 days, 3 months, 1 year) False Fetch Incidents False Fetch Limit Maximum number of alerts per fetch. Default is 50, maximum is 100. False Incident type False Trust any certificate (not secure) False Use system proxy settings False - Click Test to validate the URLs, tokens, and connection.
Using Commands
After adding the integration, you can use commands to send data from PhishER to XSOAR.
For a list of commands you can use, see the table below:
Command | Description |
phisher-message-list | Use this command to get messages from PhishER. |
phisher-create-comment | Use this command to add a comment to a PhishER message. |
phisher-update-message | Use this command to update a PhishER message status. The user must provide at least one argument. |
phisher-tags-create | Use this command to add tags to a given message. |
phisher-tags-delete | Use this command to remove tags from a given message. |
For more information, see Cortex XSOAR’s KnowBe4 PhishER documentation.