Get case data
Action ID: tools.phishlabs.get_case_data
Get PhishLabs case API data.
Reference: https://caseapi.phishlabs.com/v1/data/docs/
Secrets
Required secrets: phishlabs: required values PL_USERNAME, PL_PASSWORD.
Input fields
Filter cases based on the case status. Default is “Pending Input”. Default: [ "Pending Input" ].
Filter cases by case type. Default: [].
Maximum number of cases to return. Default is 100, minimum is 20, maximum is 200. Default: 100.
If False, disables SSL verification for internal networks. Default: true.

Get feed data
Action ID: tools.phishlabs.get_feed_data
Get PhishLabs feed API data.
Reference: https://feed.phishlabs.com/redoc#operation/Feed_GetBAFeed
Secrets
Required secrets: phishlabs: required values PL_CUSTOMER_ID, PL_USERNAME, PL_PASSWORD.
Input fields
The start date of date range (date and time), e.g. 2023-01-01 10:00. Default: null.
Include the integer that maps to the type of incident you want returned. Default is 0. Default: 0.
The status of the incident as it appears in the Web App. Default is “Requires Input”. Default: "Requires Input".
The end date of date range (date and time), e.g. 2023-01-07 10:00. Default: null.
If False, disables SSL verification for internal networks. Default: true.

Get threat intel data
Action ID: tools.phishlabs.get_threat_data
Get PhishLabs Threat Intel API data.
Reference: https://threatintel.phishlabs.com/redoc/incidentexternalapi
Secrets
Required secrets: phishlabs: required values PL_CLIENT_ID, PL_CLIENT_SECRET.
Input fields
The severity of incidents to be returned: ‘Low’, ‘Medium’, ‘High’. Default: [].
The status code(s) of the incident. Default: [ "RequiresInput", "RequiresApproval" ].
The type of incident to be returned: ‘SocialMedia’ or ‘DarkWeb’. Default: null.
The number of records to return per page. Default: 200.
The type of threats to be returned. Threat types ending with “SM” are Social Media, “DW” are Dark Web. Default: [].