Machine Learning Capabilities - Administrator Guide - 6.8 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Product
Cortex XSOAR
Version
6.8
Creation date
2022-09-28
Last date published
2024-03-21
End_of_Life
EoL
Category
Administrator Guide
Abstract

Machine Learning capabilities using the Phishing Classifier and automations.

The following table describes the available machine learning features and scripts, grouped by its use case.

Feature

Description

More Information

Phishing Classifier

Enables you to train a machine learning model based on your own phishing incidents. The trained model can provide predictions. You can Create a Machine Learning Model, use the Phishing Classifier Demo, and Train a Phishing Classifier on Non-English Languages

Install the Machine Learning content pack to manage machine learning models. For more information see, Machine Learning Models.

FindDuplicateEmailIncidents

This automation finds duplicate past phishing incidents, even if a a few words are different between emails. It helps you to handle duplicate phishing incidents more easily.

Install the Phishing Content Pack, which includes the automation.

FindEmailCampaign

This automation identifies email campaigns, by finding past phishing incidents with high text similarity. If a phishing campaign was found, the output concentrates details regarding the campaign, such as, when it occurred, whether it involved senders and recipients, mutual indicators, email summary, etc. It provides an immediate detailed background (if found) for a given phishing incident.

Install the Phishing Campaign Content Pack, which includes the automation.

DBotFindSimilarIncidents

This automation finds past similar incidents based on incident fields similarity. It also includes an option to display indicators similarity. The model aims to detect similarity through text or JSON, even if the value is different. The automation provides the user with these details. For details, see DBotFindSimilarIncidents Script

Part of the Base Content Pack.

DBotPredictURLPhishing

This automation ingests data such as the screenshot and HTML of a web page, URL syntax, and domain information, and predicts if the URL is a phishing attack. For details, see DBotPredictURLPhishing Script.

Part of the Phishing URL Pack.