Integrating Tines and PhishER Webhooks
Webhooks, also known as an HTTP push API, is a way for an app to provide other applications with real-time information. Under Actions, you can select the Send to Webhooks option to send to the reported messages that are related to that Action and Webhook. You will be able to receive a callback URL based on an Action that is attached to a message once the Action is triggered.
The Tines platform makes it easy for you to offload any of your monotonous workflows, giving you back time to increase your impact. You can connect to any REST API or web application in seconds and use templates to automate quickly and easily.
PhishER's Webhooks can be used with Tines to send information from the PhishER platform to your Tines platform. This article will help you set up webhooks to send a message to your Tines platform any time a user reports an email using the Phish Alert Button.
Jump to:
PhishER Webhook Settings
Connecting to Tines
PhishER Webhook Settings
The recommended settings below can be used to set up webhooks in your PhishER platform to communicate with your SOAR platform:
You can customize the name of your Webhook to reflect the SOAR platform that you use to communicate within your organization.
Be sure to enter the URL that you want to callback to. If you would like to rewrite or shorten the URL, we recommend you use one of our compatible rewrites and shorteners listed in our PhishER FAQ article.
Connecting to Tines
Once you have connected your SOAR platform to PhishER Webhooks, you will need to build an external workflow to execute these functions.
- Create an ingestion point to parse the Webhook payload.
- Unpack the EML contents from the Signed S3 URL.
- Run intelligence on email domains, IP addresses, and links. You can use third party and internal threat intel to run the intelligence.
- Go to your Slack Workspace and build a custom Slack App with the following manifest template. Note: clicking on the image below will open a new window with the manifest text file.
- Use the Webhook URL from your Slack Workspace to point to the Slack channel of your choice.
- Pack the Intel into the Slack Block Kit format. You can use the provided Slack Block Kit to pack your intel. Note: Clicking on the image below will open a new window with the manifest text file.
- Send the Intel to your Slack App via HTTPs POST Call.
- POST Slack Message and the message will be posted to the Slack channel.
Example Tines Story
You can use the .txt file below as a starting point to connecting PhishER to your Tines platform. Once you access the manifest file by clicking the image, you can import the story to the Tines group of your choosing. Note: Clicking on the image will open a new window with the manifest file.
For further assistance with this feature, please contact our support team and they will be happy to help.
Comments
0 comments
Article is closed for comments.