Use the Phishing classifier demo to see how a classifier works for machine learning (ml) in Cortex XSOAR.
You can use a pre-trained phishing classifier which enables you to get a prediction for a phishing incident using Cortex XSOAR’s pre-trained model.
The main purpose of the classifier is to demonstrate how the phishing classifier feature works, using the DBotPredictOutOfTheBoxV2
automation, so that you learn how to train a classifier using your own data.
After running the feature, you can see how it works in practice and then create your own machine learning models.
Note
It is not recommend using the classifier for production. It is intended for demonstration purposes only.
When using the out-of the-box phishing playbooks, such as Phishing - Generic v3, the playbook uses the
DbotPredictPhishingWords
automation and not theDBotPredictOutOfTheBoxV2
automation used in this phishing classifier demo.
To run the phishing classifier demo, do the following:
Install the Machine Learning content pack from the Marketplace.
Type the
!DBotPredictOutOfTheBoxV2
command, and add the relevant parameters. For example,!DBotPredictOutOfTheBoxV2 emailBody=`<Copy/paste some sample email body text here.>`.
Note
The output parameters are the same as the output of
DBotPredictPhishingWord
. TheDBotPredictPhishingWord
automation allows you to get a prediction for a phishing incident, using a model trained using your own classifier. For more information, see Machine Learning Models.You can see that the demisto_out_of_the_box_model_v2 machine learning model has been created, by going to → → .
For practical examples, see DbotPredictOutOfTheBox Examples.