SlashNext Phishing Incident Response Deprecated

SlashNext Phishing Incident Response integration allows Cortex XSOAR users to fully automate analysis of suspicious URLs. For example, IR teams responsible for abuse inbox management can extract links or domains out of suspicious emails and automatically analyze them with the SlashNext SEER threat detection cloud to get definitive, binary verdicts (malicious or benign) along with IOCs, screen shots, and more. Automating URL analysis can save IR teams hundreds of hours versus manually triaging these emails or checking URLs and domains against less accurate phishing databases and domain reputation services.

Data Enrichment & Threat Intelligence · SlashNext Phishing Incident Response - Annual Subscription (Direct Subscription) (Deprecated)

Configuration parameters

  • apiurl — SlashNext API Base URL (required)
  • apikey — SlashNext API Key (required)
  • unsecure — Trust any certificate (not secure)
  • proxy — Use system proxy settings
  • integrationReliability — Source Reliability
  • feedExpirationPolicy
  • feedExpirationInterval

Commands (14)

  • domain

    Looks up a Fully Qualified Domain Name (FQDN) indicator in the SlashNext Threat Intelligence database.

  • ip

    Looks up an IP address indicator in the SlashNext Threat Intelligence database.

  • slashnext-api-quota

    Queries the SlashNext cloud database and retrieves the details of API quota.

  • slashnext-download-html

    Downloads a web page HTML against a previous URL scan request.

  • slashnext-download-screenshot

    Downloads a screenshot of a web page against a previous URL scan request.

  • slashnext-download-text

    Downloads the text of a web page against a previous URL scan request.

  • slashnext-host-report

    Queries the SlashNext Cloud database and retrieves a detailed report for a host and associated URL.

  • slashnext-host-reputation

    Queries the SlashNext Cloud database and retrieves the reputation of a host.

  • slashnext-host-urls

    Queries the SlashNext Cloud database and retrieves a list of all URLs associated with the specified host.

  • slashnext-scan-report

    Retrieves the results of a URL scan against a previous scan request. If the scan is finished, results will be returned immediately; otherwise the message "check back later" will be returned.

  • slashnext-url-reputation

    Queries the SlashNext Cloud database and retrieves the reputation of a url.

  • slashnext-url-scan

    Performs a real-time URL scan with SlashNext cloud-based SEER Engine. If the specified URL already exists in the cloud database, scan results will be returned immediately. If not, this command will submit a URL scan request and return with the message "check back later" and include a unique Scan ID. You can check the results of this scan using the "slashnext-scan-report" command anytime after 60 seconds using the returned Scan ID.

  • slashnext-url-scan-sync

    Performs a real-time URL scan with SlashNext cloud-based SEER Engine in a blocking mode. If the specified URL already exists in the cloud database, scan result will be returned immediately. If not, this command will submit a URL scan request and wait for the scan to finish. The scan may take up to 60 seconds to finish.

  • url

    Queries the SlashNext Cloud database and retrieves the reputation of a url.