# Fortra Phishlabs Security

Fortra Phishlabs Security is a platform that provides threat intelligence and incident response services to combat phishing attacks.

Fortra Phishlabs Security is a comprehensive platform designed to automate phishing incident response and threat intelligence. This connector allows users to seamlessly integrate Fortra Phishlabs Security with Swimlane Turbine, enabling the retrieval of phishing incidents and detailed incident data. By leveraging this integration, security teams can enhance their incident response capabilities, streamline workflows, and improve threat detection and analysis within their security operations center (SOC).

## Prerequisites

Before you can use the Fortra Phishlabs Security connector for Turbine, you'll need access to the Fortra Phishlabs API. This requires the following:

- HTTP Basic Authentication using the following parameters:
  - URL: The endpoint URL for accessing the Fortra Phishlabs Security API.
  - Username: Your Fortra Phishlabs account username.
  - Password: Your Fortra Phishlabs account password.

## Additional Documentation

- Fortra Phishlabs Security Connector Documentation: https://docs.swimlane.com/connectors/fortra phishlabs security
- Fortra Phishlabs Security API Documentation: https://csi.phishlabs.com/
- Fortra Phishlabs Security Authentication Guide: https://docs.swimlane.com/authentication guides/fortra phishlabs security

## Configurations

### HTTP Basic Authentication

Authenticates using username and password.

#### Configuration Parameters

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| url | A URL to the target host. | string | Required |
| username | Username | string | Required |
| password | Password | string | Required |
| verify_ssl | Verify SSL certificate | boolean | Optional |
| http_proxy | A proxy to route requests through. | string | Optional |

## Actions

### Get Incident

Returns a single incident from Fortra Phishlabs Security based on the given ID.

Endpoint URL: `/idapi/v1/incidents/{{service}}/{{id}}`

Method: GET

#### Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.service | string | Optional | Parameters for the Get Incident action |
| path_parameters.id | string | Optional | Parameters for the Get Incident action |

#### Input example

```json
{"path_parameters": {"service": "eir", "id": "inc0094172"}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| metadata | object | Response data |
| metadata.count | number | Response data |
| incidents | array | Unique identifier |
| incidents.id | string | Unique identifier |
| incidents.title | string | Unique identifier |
| incidents.description | string | Unique identifier |
| incidents.status | string | Unique identifier |
| incidents.created | string | Unique identifier |
| incidents.modified | string | Unique identifier |
| incidents.closed | string | Unique identifier |
| incidents.duration | number | Unique identifier |
| incidents.service | string | Unique identifier |
| incidents.details | object | Unique identifier |
| incidents.details.casetype | string | Unique identifier |
| incidents.details.classification | string | Unique identifier |
| incidents.details.subclassification | string | Unique identifier |
| incidents.details.severity | string | Unique identifier |
| incidents.details.emailreportedby | string | Unique identifier |
| incidents.details.emailreceiveddate | string | Unique identifier |
| incidents.details.emailbody | string | Request body data |
| incidents.details.messageid | string | Unique identifier |
| incidents.details.submissionmethod | string | HTTP method to use |
| incidents.details.sender | string | Unique identifier |
| incidents.details.furtherreviewreason | string | Unique identifier |
| incidents.details.offlineuponreview | boolean | Unique identifier |

#### Output example

```json
{"metadata": {"count": 1}, "incidents": [{"id": "inc123456", "title": "fwd phishing email", "description": "this is a malicious phishing email.", "status": "closed", "created": "2019-09-24T16:17:49Z", "modified": "2019-09-24T16:40:35Z", "closed": "2019-09-24T16:40:35Z", "duration": 1366, "service": "sea", "details": {}}]}
```

### Get Incidents

Return a set of incidents filtered by specified query parameters in Fortra Phishlabs Security. Requires the 'service' path parameter.

Endpoint URL: `/idapi/v1/incidents/{{service}}`

Method: GET

#### Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.service | string | Required | The service to query: eir |
| parameters.status | string | Optional | Parameters for the Get Incidents action |
| parameters.created_after | string | Optional | Parameters for the Get Incidents action |
| parameters.created_before | string | Optional | Parameters for the Get Incidents action |
| parameters.closed_after | string | Optional | Parameters for the Get Incidents action |
| parameters.closed_before | string | Optional | Parameters for the Get Incidents action |
| parameters.limit | number | Optional | Parameters for the Get Incidents action |
| parameters.offset | number | Optional | Parameters for the Get Incidents action |
| parameters.sort | string | Optional | Parameters for the Get Incidents action |
| parameters.message_id | string | Optional | Parameters for the Get Incidents action |

#### Input example

```json
{"parameters": {"status": "closed", "created_after": "2019-04-12T23:20:50Z", "created_before": "2019-04-12T23:20:50Z", "closed_after": "2019-04-12T23:20:50Z", "closed_before": "2019-04-12T23:20:50Z", "limit": 25, "offset": 0, "sort": "asc", "message_id": "1234567890"}, "path_parameters": {"service": "eir"}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| metadata | object | Response data |
| metadata.count | number | Response data |
| incidents | array | Unique identifier |
| incidents.id | string | Unique identifier |
| incidents.service | string | Unique identifier |
| incidents.title | string | Unique identifier |
| incidents.description | string | Unique identifier |
| incidents.status | string | Unique identifier |
| incidents.details | object | Unique identifier |
| incidents.details.casetype | string | Unique identifier |
| incidents.details.classification | string | Unique identifier |
| incidents.details.subclassification | string | Unique identifier |
| incidents.details.severity | object | Unique identifier |
| incidents.details.emailreportedby | string | Unique identifier |
| incidents.details.emailreceiveddate | string | Unique identifier |
| incidents.details.submissionmethod | string | HTTP method to use |
| incidents.details.sender | string | Unique identifier |
| incidents.details.emailbody | string | Request body data |
| incidents.details.messageid | string | Unique identifier |
| incidents.details.urls | array | URL endpoint for the request |
| incidents.details.urls.url | string | URL endpoint for the request |
| incidents.details.urls.malicious | boolean | URL endpoint for the request |
| incidents.details.urls.maliciousdomain | boolean | URL endpoint for the request |
| incidents.details.attachments | array | Unique identifier |
| incidents.details.attachments.file_name | string | Unique identifier |

#### Output example

```json
{"json_body": {"metadata": {"count": 25}, "incidents": [{}, {}]}}
```

## Response Headers

| Header | Description | Example |
| --- | --- | --- |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Thu, 01 Jan 2024 00:00:00 GMT |
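
The two actions above can be exercised directly against the documented endpoints. This is an added example, not code from Swimlane or Fortra: it builds the Basic-authenticated request, refuses non-HTTPS targets, validates the `service` and `id` path parameters before they reach the URL, and walks `limit`/`offset` pages. The function names, the allowed character set for path parameters, and the "short page means last page" stop condition are assumptions.

```python
import base64, json, re, ssl
import urllib.request
from urllib.parse import urlencode, urlsplit

SAFE_SEGMENT = re.compile(r"[A-Za-z0-9_-]+")  # assumed shape of service names and incident ids

def build_request(base_url, username, password, service, incident_id=None, params=None):
    """Build (url, headers) for Get Incident / Get Incidents without sending anything."""
    parts = urlsplit(base_url)
    if parts.scheme != "https" or not parts.hostname:
        # Basic auth is only base64-encoded, so it needs TLS for confidentiality.
        raise ValueError("refusing to send Basic credentials to a non-https URL")
    segments = [service] if incident_id is None else [service, incident_id]
    for segment in segments:
        # Reject '/', '..', '?', '#' and similar so a value cannot change the request path.
        if not isinstance(segment, str) or not SAFE_SEGMENT.fullmatch(segment):
            raise ValueError(f"unsafe path parameter: {segment!r}")
    url = base_url.rstrip("/") + "/idapi/v1/incidents/" + "/".join(segments)
    if params:
        url += "?" + urlencode(params)
    token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    return url, {"Authorization": f"Basic {token}", "Accept": "application/json"}

def send(url, headers, timeout=30):
    """GET with certificate and hostname verification left on (the verify_ssl=true case)."""
    request = urllib.request.Request(url, headers=headers, method="GET")
    context = ssl.create_default_context()
    with urllib.request.urlopen(request, timeout=timeout, context=context) as response:
        return json.load(response)

def fetch_all(fetch_page, limit=25, max_pages=100):
    """Walk limit/offset pages; fetch_page(params) returns the parsed response body."""
    incidents, offset = [], 0
    for _ in range(max_pages):  # hard stop so a misbehaving server cannot loop us forever
        page = fetch_page({"limit": limit, "offset": offset}).get("incidents", [])
        incidents.extend(page)
        offset += len(page)
        if len(page) < limit:  # assumption: a short page is the last page
            break
    return incidents
```

In a real run, `fetch_page` would call `build_request` with the page parameters and pass the result to `send`.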