You can use a pretrained phishing classifier which enables you to get a prediction for a phishing incident using Cortex XSOAR’s pre-trained model.
The main purpose of the classifier is to demonstrate how the phishing classifier feature works, using the
DBotPredictOutOfTheBoxV2 automation, so that you learn how to train a classifier using your own data.
After running the feature, you can see how it works in practice and then create your own machine learning models.
It is not recommend using the classifier for production. It is intended for demonstration purposes only.
When using the out-of the-box phishing playbooks, such as Phishing - Generic v3, the playbook uses the
DbotPredictPhishingWordsautomation and not the
DBotPredictOutOfTheBoxV2automation used in this phishing classifier demo.
To run the phishing classifier demo, do the following:
Install the Machine Learning content pack from the Marketplace.
!DBotPredictOutOfTheBoxV2command, and add the relevant parameters. For example,
!DBotPredictOutOfTheBoxV2 emailBody=`<Copy/paste some sample email body text here.>`.
The output parameters are the same as the output of
DBotPredictPhishingWordautomation allows you to get a prediction for a phishing incident, using a model trained using your own classifier. For more information, see Machine Learning Models.
You can see that the demisto_out_of_the_box_model_v2 machine learning model has been created, by going to → → .
For practical examples, see Phishing Classifier Demo Examples.