Click on your username on the upper right side of the screen and choose API from the drop-down menu.
The page displaying your API Key and Authorization Request will appear. Copy your API Key; you will use it for authorization when configuring the Phishing Initiative integration.
Configure Phishing Initiative integration in Google Security Operations
For detailed instructions on how to configure an integration in
Google SecOps, see Configure integrations.
Actions

Get URL Status

Description

Get the status of a URL.

Parameters

N/A

Use cases

N/A

Run On

This action runs on the URL entity.

Action Results

Entity Enrichment

| **Enrichment Field Name** | **Logic - When to apply**           |
|---------------------------|-------------------------------------|
| url                       | Returns if it exists in JSON result |
| tag                       | Returns if it exists in JSON result |
| tag_label                 | Returns if it exists in JSON result |

Insights

N/A

Script Result

| **Script Result Name** | **Value Options** | **Example**       |
|------------------------|-------------------|-------------------|
| is_phishing            | True/False        | is_phishing:False |

JSON Result

    [
        {
            "EntityResult": {
                "url": "https: //www.dieutribenhkhop.com",
                "tag": -1,
                "tag_label": "notsubmitted"
            },
            "Entity": "https: //www.dieutribenhkhop.com"
        },{
            "EntityResult": {
                "url": "http: //markossolomon.com/f1q7qx.php",
                "tag": -1,
                "tag_label": "notsubmitted"
            },
            "Entity": "HTTP: //MARKOSSOLOMON.COM/F1Q7QX.PHP"
        }
    ]

Ping

Description

Test Connectivity.

Parameters

N/A

Use cases

N/A

Run On

This action runs on all entities.

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result

| **Script Result Name** | **Value Options** | **Example**      |
|------------------------|-------------------|------------------|
| is_success             | True/False        | is_success:False |

JSON Result

    N/A

Integration version: 9.0

Last updated 2025-09-07 UTC.
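
An added example (not part of the integration or its documentation) of how a playbook step might post-process the Get URL Status JSON Result: `is_phishing:False` together with `tag_label` `notsubmitted` means no verdict exists for the URL, not that it is clean. The function names, the sample hosts, and the `phishing`, `clean` and `unknown` labels are assumptions; only `notsubmitted` appears on this page.

```python
import json

# Constructed sample in the shape of the Get URL Status JSON Result (placeholder hosts).
SAMPLE = json.dumps([
    {"EntityResult": {"url": "http://site-a.example/login.php", "tag": -1,
                      "tag_label": "notsubmitted"},
     "Entity": "HTTP://SITE-A.EXAMPLE/LOGIN.PHP"},
    {"EntityResult": {"url": "http://site-b.example/", "tag": 1,
                      "tag_label": "phishing"},
     "Entity": "HTTP://SITE-B.EXAMPLE/"},
    # Enrichment fields are only returned "if they exist", so tag_label may be absent.
    {"EntityResult": {"url": "http://site-c.example/"},
     "Entity": "HTTP://SITE-C.EXAMPLE/"},
])

# Assumption: "unknown" is not shown on the page; "notsubmitted" is.
NO_VERDICT = {"notsubmitted", "unknown"}


def triage(raw_json):
    """Return one record per entity; absence of a verdict is never reported as clean."""
    records = []
    for item in json.loads(raw_json):
        result = item.get("EntityResult") or {}
        label = str(result.get("tag_label", "")).strip().lower()
        if label == "phishing":        # assumed label
            verdict = "phishing"
        elif label == "clean":         # assumed label
            verdict = "clean"
        elif label in NO_VERDICT:
            verdict = "no_verdict"
        else:
            verdict = "no_data"        # field absent or label not recognized
        records.append({
            "entity": item.get("Entity", ""),
            # The Entity identifier may be upper-cased; the result URL keeps path case.
            "url": result.get("url") or item.get("Entity", ""),
            "tag": result.get("tag"),
            "verdict": verdict,
        })
    return records


def needs_review(records):
    """URLs that still need an analyst or another source before they are cleared."""
    return [r["url"] for r in records if r["verdict"] in ("no_verdict", "no_data")]
```
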