Hoxhunt v2.0.8
Integration with Hoxhunt to manage Hoxhunt incidents
Classifiers (3)
Incident fields (31)
- Hox External Classification
- Hox FT Attachments
- Hox FT Body Link
- Hox FT Email From
- Hox FT Email To
- Hox FT ID
- Hox FT Internal Classification
- Hox FT Links
- Hox FT Maliciousness Probability
- Hox FT Message Id
- Hox FT Subject
- Hox First Reported At
- Hox Global Report Count
- Hox Has Sensitive Information
- Hox ID
- Hox Inbox Report Count
- Hox Incident Rule Actions
- Hox Internal Classification
- Hox Last Reported At
- Hox Likely Target Entity
- Hox Message To Users
- Hox Notes
- Hox Phish Report Count
- Hox Report Count
- Hox Reported At Limit
- Hox Send Feedback
- Hox State
- Hox Threat Indicators
- Hox URL
- Hox User Actions
- Hox VIP Report Count
Incident types (3)
Integrations (2)
- Hoxhunt Deprecated
- Hoxhunt v2
Layouts (1)
README
Hoxhunt Integration for Cortex XSOAR
The Hoxhunt Integration automates the ingestion and processing of phishing threats identified in Hoxhunt, enabling streamlined threat response workflows by bringing Hoxhunt-reported incidents into Cortex XSOAR for analysis, enrichment, and remediation.
Use Cases
- Synchronize incident status between Hoxhunt and Cortex XSOAR for consistent lifecycle management.
- Automatically ingest phishing incidents reported in Hoxhunt into Cortex XSOAR for analysis and response.
- Add analytical notes to Hoxhunt incidents directly from Cortex XSOAR workflows.
- Remove threats from Hoxhunt incidents.
- Send SOC feedback to Hoxhunt when closing an incident in Cortex XSOAR.
- Update incident sensitivity based on internal policies.
What does this pack do
-
Fetch Hoxhunt Incidents: Pulls phishing incidents from Hoxhunt into Cortex XSOAR for centralized management and response.
-
Synchronize Incident Data: Ensures up-to-date incident data in both Hoxhunt and Cortex XSOAR, maintaining lifecycle alignment between platforms.
-
Incident Enrichment: Adds detailed threat information to incidents, including screenshots, to support rapid analyst review of phishing evidence.
-
Add and Update Incident Notes: Allows analysts to add contextual notes and updates to Hoxhunt incidents from Cortex XSOAR, aiding collaborative investigation.
-
Remove Threats from Incidents: Enables the removal of threats linked to an incident, streamlining cleanup of false positives or low-priority threats.
-
Send SOC Feedback: Allows SOC teams to provide structured feedback to Hoxhunt, including custom messages, as part of incident resolution.
-
Set Incident Sensitivity and Classification: Sets incident sensitivity and classification directly from Cortex XSOAR, aligning with organizational policies.
-
Update Incident State: Manages incident state transitions, such as between “Open” and “Resolved,” ensuring real-time status updates.
Prerequisites
Hoxhunt external API key: Ensure access to Hoxhunt with necessary permissions.
Acquirable from Hoxhunt admin panel https://admin.hoxhunt.com/account-settings/access-tokens
Main playbook: Hoxhunt - Enrich Incident
Run for incidents fetched from Hoxhunt into XSOAR
Enrich Incident’s main function is to provide a visual reference for the first threat in the Hoxhunt incident, adding additional context to the incident within XSOAR. The screenshot can be used for further review or as part of an investigation report.
Summary of playbook features
- Automated Screenshot: Takes a screenshot of the first threat URL.
- Simple Workflow: Completes automatically with minimal manual intervention, enriching the incident with visual content.