
Jun 21, 2023
1.0.7
ThreatQ versions >= 4.35.0
Cofense Intelligence
Overview
The Cofense Intelligence
1. Cofense Intelligence - The integration provides an update to the existing Cofense Intelligence feed that is seeded with the platform
2. Cofense Intelligence Credential Phishing
Cofense™, formerly PhishMe, is the leading provider of human-focused phishing defense solutions for organizations concerned about their susceptibility to today’s top attack vector — phishing. Cofense Intelligence uses proprietary techniques to analyze millions of messages daily from a wide variety of sources. We automatically dissect messages to identify new and emerging phishing and malware threats. Our team of analysts dives into these messages to eliminate false positives while delivering the right intelligence when you need it. Cofense Intelligence is distributed in multiple formats including Machine-Readable Threat Intelligence (MRTI) for quick and easy integration into other security solutions. Find out more at cofense.com.
Most security vendors wait until a threat is at their doorstep before they analyze it and declare it as malicious. This typically involves waiting until a certain number of customers report a suspicious file or endpoint systems pass information back up to the vendor. Consequently, there is a delay between when an attack is launched and when the enterprise finally has reliable information about it. Since each threat is investigated in isolation, all threats are reported as equals without any context about the attack or related attacks. As a result of this approach, security experts do not have the threat intelligence to disrupt the attack or prioritize threat response.
Cofense Intelligence takes a fundamentally different approach in identifying threats as they emerge daily — so you can be proactive in protecting your network.
INTEGRATION HIGHLIGHTS
Cofense Intelligence delivers high-fidelity phishing indicators and contextual information highlighting attacker tactics across their global criminal operation.
Security teams can easily operationalize Cofense Intelligence indicators in the ThreatQ platform.
Indicators of phishing, such as attack vectors and malware families, help analysts in their phishing defense.
Automatically deploy prioritized and relevant data to your sensor grid for detection and blocking.
INTEGRATION USE CASES
The integration supports a variety of use cases, such as:
- Ingest indicators of phishing, including payload URLs, command and control servers, malicious files, IP addresses and more.
- Extract indicators related to campaigns.
- Import Cofense Intelligence human-readable reports, making it easy to link indicators with context.
- Extract and store phishing campaigns, malware families and malware artifacts in the Threat Library.