Integration guide

TheHive case handoff

PhishNet turns phishing observations into evidence-ready handoff packs that can support external case workflows.

Request demoRead researchOpen dashboard

Direct answer

Does PhishNet replace case management? No. It prepares phishing intelligence and evidence that can be pushed into case workflows.

Research framing

Response teams need preserved evidence, analyst decision history and next actions.

Attack mechanism

PhishNet handoff packs include source provenance, screenshots or archive references, redirect chains, extracted entities, confidence and sensitivity notes.

Evidence and source model

Case pushes should be human-controlled and auditable.

Belgian and European relevance

The public page explains the workflow; authenticated users generate actual packs.

How PhishNet operationalizes this

Evidence links and graph views remain central so responders can review context before action.

Analyst implications

The operational question is not whether an isolated row looks interesting. The question is whether the signal is fresh, provenance-rich, corroborated, evidence-ready and connected to brands, sectors, infrastructure, kits, mule routes or public-warning context. PhishNet therefore presents confirmed, corroborated suspicious, review-candidate and context-only states separately.

Limits and uncertainty

Sensitive artifacts remain restricted.

Research takeaway

Phishing intelligence becomes valuable when repeated structure appears: the same brand on new infrastructure, the same kit across domains, the same phone or IBAN route after takedowns, the same ad/search pathway, or the same evidence pattern in multiple independent source families.

How PhishNet uses this

Inside PhishNet this topic is treated as operational graph context: observations are linked to sources, evidence, Belgian relevance, confirmation state, liveness, campaigns and exports. Public pages explain the method; authenticated users can pivot into the full platform workflow when a signal needs investigation or handoff.

Selected sources and research

These pages combine PhishNet platform knowledge with public research, official Belgian sources and open OSINT documentation.

APWG Phishing Activity Trends Reports ENISA Threat Landscape 2025 Why Phishing Works, Dhamija, Tygar and Hearst, CHI 2006 CCB Belgium: phishing messages surge urlscan.io API documentation Microsoft Ad Library API Common Crawl CDX Index

Common questions

Does PhishNet replace case management?

No. It prepares phishing intelligence and evidence that can be pushed into case workflows.

Related reading

Platform

Evidence and takedown workflows

Turn phishing OSINT into preserved evidence, analyst decisions, abuse-desk exports and CERT handoff packs.
Solutions

Phishing OSINT for CERT and CSIRT teams

Country-level phishing, smishing, active OSINT, kit intelligence, evidence and export workflows for national and sector response teams.