Phishing Command Examples Using a Machine Learning Model - Administrator Guide - 6.5 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Product
Cortex XSOAR
Version
6.5
Creation date
2022-09-28
Last date published
2024-03-21
End_of_Life
EoL
Category
Administrator Guide
Abstract

Examples of using the machine learning (ml) DbotPredictPhishingWords command in the War Room after creating a machine learning model in Cortex XSOAR.

In this example, we have created a machine learning model, called “demoModel” that predicts the following:

ml_results.png

For an example how to create the machine learning model, see Machine Learning Model Example.

After running the command, Cortex XSOAR returns the following information:

  • TextTokensHighlighted: The text of the email message with the highlighted positive words (if found).

  • Label: The predicted label found by the model.

  • Probability: The prediction probability.

  • PositiveWords: Words that encouraged the model to make the prediction.

  • NegativeWords: Words that are in general not correlated with the predicted class and reduced the model’s confidence in its prediction.

In the War Room, run the following commands:

!DBotPredictPhishingWords modelName="demoModel" emailBody=”Your email account was LOGIN today by Unknown IP address: 10.240.180.228, click on UPDATE <http://helpd.moonfruit.com/> to validate and verify your email account now to avoid Outlook Web App been disabled for user”

ml-dbot-eg1.png

!DBotPredictPhishingWords modelName="demoModel" emailBody=“Your Outlook Exceeded its storage limit Click here <https://docs.google.com/forms/d/e/1FAIpQLSckF75SUgErVFmTEfHhhFkiX2-4V2tgC0nssDvpkqZnPz4pkQ/viewform> fill and SUBMIT for more space or you wont be able to send Mail.”

ml-dbot-eg3.png

!DBotPredictPhishingWords modelName="demoModel" emailBody=“Dear member, the credit card we have on file for your PayPal service was declined when we attempted to bill you for your most recent service fees. For this reason, your service could be suspended. You must update your billing information immediately in order to avoid any interruption to your services”

ml-dbot-eg4.png

DBotPredictPhishingWords modelName="demoModel" emailBody=“lose 22.5lbs in 3 weeks! flush fat away forever! free 30-day supply **http://www.adclick.ws/p.cfm?o=423&s=pk19.** to unsubscribe, click below: http://u2.azoogle.com/?z=93-1090346-62llc4”

ml-dbot-eg5.png