I am seeking guidance on implementing a machine learning-based solution for automatic detection of phishing emails within FortiSOAR. The use case is outlined below:
Email Ingestion: FortiSOAR reads each email via the Microsoft GraphQL connector.
URL Analysis: All URLs within the email body are automatically analyzed by a machine learning model to detect phishing attempts, especially when third-party threat intelligence feeds lack data on new phishing URLs.
Domain Lookalike Detection: The system should predict and flag domains that appear to be lookalike domains used for phishing. For example, a domain like www.fortiget.com should be identified with high confidence (e.g., 99%) as a phishing domain.
Manual Validation and Intel Feed Update: After the prediction step, a manual review process should confirm the results. Once confirmed, the phishing domain should be added to the FortiGuard threat intelligence feed for future reference.
The goal is to build an end-to-end solution that leverages DNS queries, gathers metadata such as the domain's creation date, and programmatically fetches URL content. This includes analyzing images and other elements to detect phishing attempts, similar to how a human analyst would.
Please note, I am not looking for suggestions involving VirusTotal, MaxMind, or other external third-party solutions. The solution should focus on native analysis and machine learning capabilities within FortiSOAR.
Thank you in advance for your insights.
Best regards,
Malaya Manas
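An added example of the domain-lookalike step (my own illustration, not code from FortiSOAR or from the poster): it pulls URLs out of an email body, reduces each to its registrable domain and scores it against a watch-list of protected domains using edit distance, so www.fortiget.com is flagged as mimicking fortinet.com while the genuine docs.fortinet.com is not. The watch-list, the sample email body and the confidence formula are assumptions made for the example.

```python
import re
from urllib.parse import urlparse

# Constructed watch-list of legitimate domains the detector protects (assumption).
PROTECTED_DOMAINS = ["fortinet.com", "fortiguard.com", "microsoft.com"]

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def extract_urls(body: str) -> list:
    """Return every http(s) URL found in a plain-text email body."""
    return URL_RE.findall(body)


def registrable_domain(url: str) -> str:
    """Strip scheme, path and subdomains: https://www.fortiget.com/x -> fortiget.com."""
    host = (urlparse(url).hostname or "").lower()
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def edit_distance(a: str, b: str) -> int:
    """Optimal-string-alignment distance: insert, delete, substitute, adjacent swap."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[len(a)][len(b)]


def lookalike(domain: str, max_distance: int = 2) -> tuple:
    """Return (protected domain being mimicked, confidence 0..1) or (None, 0.0).
    Exact watch-list members are never flagged; same name with a different TLD
    (fortinet.co) scores 1.0; confidence = 1 - distance / len(protected name)."""
    if domain in PROTECTED_DOMAINS:
        return None, 0.0
    name = domain.rsplit(".", 1)[0]
    best = None
    for p in PROTECTED_DOMAINS:
        d = edit_distance(name, p.rsplit(".", 1)[0])
        if d <= max_distance and (best is None or d < best[1]):
            best = (p, d)
    if best is None:
        return None, 0.0
    p, d = best
    return p, round(1 - d / len(p.rsplit(".", 1)[0]), 3)


def scan_email(body: str) -> list:
    """Flag every URL whose domain looks like a protected domain, for analyst review."""
    findings = []
    for url in extract_urls(body):
        dom = registrable_domain(url)
        target, conf = lookalike(dom)
        if target:
            findings.append({"url": url, "domain": dom, "mimics": target, "confidence": conf})
    return findings


# Constructed sample email body for a stand-alone run.
SAMPLE_BODY = (
    "Your account needs verification: https://www.fortiget.com/login\n"
    "Docs: https://docs.fortinet.com/guide and https://example.org/news"
)

if __name__ == "__main__":
    for f in scan_email(SAMPLE_BODY):
        print(f)
```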
Any takers?
Any progress?
This is a very interesting use case for AI/ML-based automatic phishing email detection using SOAR by ingesting and parsing each and every email body. Let's hope FortiSOAR comes up with this feature before anyone else.
Copyright 2025 Fortinet, Inc. All Rights Reserved.