Fortra Phishlabs Security
As part of the Email Incident Response service, PhishLabs provides Suspicious Email Analysis, which provides 24/7 expert triage and analysis of threats reported by users. Included with the Suspicious Email Analysis service, the Incident Data API provides the results of the email classification and supporting metadata in a structured format. All incidents, regardless of classification, will be available via API, and available data may include parsed email body, email classification, URLs, and other attributes when available.

## Prerequisites

A PhishLabs account username and password for the PhishLabs API.

## Configurations

### HTTP Basic Authentication

Authenticates using username and password.

#### Configuration Parameters

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| url | A URL to the target host | string | Required |
| username | Username | string | Required |
| password | Password | string | Required |
| verify ssl | Verify SSL certificate | boolean | Optional |
| http proxy | A proxy to route requests through | string | Optional |

## Actions

### Get Incident

Returns a single incident based on the given ID.

Endpoint URL: `/idapi/v1/incidents/{{service}}/{{id}}`

Method: GET

#### Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| path parameters service | string | Optional | Parameters for the get incident action |
| path parameters id | string | Optional | Parameters for the get incident action |

#### Input example

```json
{"path parameters": {"service": "eir", "id": "inc0094172"}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| metadata | object | Response data |
| metadata count | number | Response data |
| incidents | array | Unique identifier |
| incidents id | string | Unique identifier |
| incidents title | string | Unique identifier |
| incidents description | string | Unique identifier |
| incidents status | string | Unique identifier |
| incidents created | string | Unique identifier |
| incidents modified | string | Unique identifier |
| incidents closed | string | Unique identifier |
| incidents duration | number | Unique identifier |
| incidents service | string | Unique identifier |
| incidents details | object | Unique identifier |
| incidents details casetype | string | Unique identifier |
| incidents details classification | string | Unique identifier |
| incidents details subclassification | string | Unique identifier |
| incidents details severity | string | Unique identifier |
| incidents details emailreportedby | string | Unique identifier |
| incidents details emailreceiveddate | string | Unique identifier |
| incidents details emailbody | string | Request body data |
| incidents details messageid | string | Unique identifier |
| incidents details submissionmethod | string | HTTP method to use |
| incidents details sender | string | Unique identifier |
| incidents details furtherreviewreason | string | Unique identifier |
| incidents details offlineuponreview | boolean | Unique identifier |

#### Output example

```json
{"metadata": {"count": 1}, "incidents": [{"id": "inc123456", "title": "fwd phishing email", "description": "this is a malicious phishing email", "status": "closed", "created": "2019-09-24T16:17:49Z", "modified": "2019-09-24T16:40:35Z", "closed": "2019-09-24T16:40:35Z", "duration": 1366, "service": "sea", "details": {}}]}
```

### Get Incidents

Returns a set of incidents filtered by the given query parameters.

Endpoint URL: `/idapi/v1/incidents/{{service}}`

Method: GET

#### Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| path parameters service | string | Required | The service to query (eir) |
| parameters status | string | Optional | Parameters for the get incidents action |
| parameters created after | string | Optional | Parameters for the get incidents action |
| parameters created before | string | Optional | Parameters for the get incidents action |
| parameters closed after | string | Optional | Parameters for the get incidents action |
| parameters closed before | string | Optional | Parameters for the get incidents action |
| parameters limit | number | Optional | Parameters for the get incidents action |
| parameters offset | number | Optional | Parameters for the get incidents action |
| parameters sort | string | Optional | Parameters for the get incidents action |
| parameters message id | string | Optional | Parameters for the get incidents action |

#### Input example

```json
{"parameters": {"status": "closed", "created after": "2019-04-12T23:20:50Z", "created before": "2019-04-12T23:20:50Z", "closed after": "2019-04-12T23:20:50Z", "closed before": "2019-04-12T23:20:50Z", "limit": 25, "offset": 0, "sort": "asc", "message id": "1234567890"}, "path parameters": {"service": "eir"}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| metadata | object | Response data |
| metadata count | number | Response data |
| incidents | array | Unique identifier |
| incidents id | string | Unique identifier |
| incidents service | string | Unique identifier |
| incidents title | string | Unique identifier |
| incidents description | string | Unique identifier |
| incidents status | string | Unique identifier |
| incidents details | object | Unique identifier |
| incidents details casetype | string | Unique identifier |
| incidents details classification | string | Unique identifier |
| incidents details subclassification | string | Unique identifier |
| incidents details severity | object | Unique identifier |
| incidents details emailreportedby | string | Unique identifier |
| incidents details emailreceiveddate | string | Unique identifier |
| incidents details submissionmethod | string | HTTP method to use |
| incidents details sender | string | Unique identifier |
| incidents details emailbody | string | Request body data |
| incidents details messageid | string | Unique identifier |
| incidents details urls | array | URL endpoint for the request |
| incidents details urls url | string | URL endpoint for the request |
| incidents details urls malicious | boolean | URL endpoint for the request |
| incidents details urls maliciousdomain | boolean | URL endpoint for the request |
| incidents details attachments | array | Unique identifier |
| incidents details attachments file name | string | Unique identifier |

#### Output example

```json
{"json body": {"metadata": {"count": 25}, "incidents": [{}, {}]}}
```

## Response Headers

| Header | Description | Example |
| --- | --- | --- |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Thu, 01 Jan 2024 00:00:00 GMT |
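The following is an added example, not code from PhishLabs or from this connector: it builds the Get Incidents request with HTTP Basic authentication, pages through results with `limit` and `offset`, and collects the URLs flagged `malicious` for triage. The host `phishlabs.example`, the injected `fetch` callable, the stop-on-short-page rule and the sample incidents are assumptions made for illustration; field and parameter names are used as they appear on this page.

```python
import base64
from urllib.parse import parse_qs, quote, urlencode, urlsplit

BASE_URL = "https://phishlabs.example"  # placeholder host (assumption)

def build_request(service, username, password, **params):
    """Return (url, headers) for Get Incidents using HTTP Basic authentication."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    url = f"{BASE_URL}/idapi/v1/incidents/{quote(service, safe='')}"
    if params:
        url += "?" + urlencode(params)
    return url, {"Authorization": f"Basic {token}", "Accept": "application/json"}

def iter_incidents(fetch, service, username, password, limit=25, **filters):
    """Walk limit/offset pages; stop at the first page shorter than limit."""
    offset = 0
    while True:
        url, headers = build_request(service, username, password,
                                     limit=limit, offset=offset, **filters)
        page = fetch(url, headers).get("incidents") or []
        yield from page
        if len(page) < limit:
            return
        offset += limit

def malicious_urls(incidents):
    """Map incident id -> URLs whose 'malicious' flag is true in details.urls."""
    found = {}
    for inc in incidents:
        urls = (inc.get("details") or {}).get("urls") or []
        hits = [u["url"] for u in urls if u.get("malicious")]
        if hits:
            found[inc["id"]] = hits
    return found

# Constructed sample incidents (not real PhishLabs data).
SAMPLE = [
    {"id": "inc-a", "details": {"urls": [
        {"url": "http://login.example.test/verify", "malicious": True},
        {"url": "https://intranet.example.test/", "malicious": False}]}},
    {"id": "inc-b", "details": {}},
    {"id": "inc-c", "details": {"urls": [
        {"url": "http://files.example.test/invoice", "malicious": True}]}},
]

def fake_fetch(url, headers):
    """Offline stand-in for the HTTP GET: serves SAMPLE by offset and limit."""
    q = parse_qs(urlsplit(url).query)
    start, size = int(q["offset"][0]), int(q["limit"][0])
    return {"incidents": SAMPLE[start:start + size]}
```

In real use, `fetch` would issue the GET over HTTPS with certificate verification left enabled and return the decoded JSON body.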