The Cofense Triage CDF for ThreatQ ingests Identities, Indicators, Reports and Signature objects as well as their attributes.  Cofense Triage, a phishing-specific incident response platform, helps stop active phishing attacks in progress. By leveraging real-time, internally reported attack intelligence from conditioned users, Cofense Triage makes it easy to stop phishing attacks in progress by eliminating the noise of the abuse mailbox, automating standard responses, and orchestrating across other security systems to quickly respond to and eliminate phishing threats.

• Cofense Triage - fetches all the indicator present on the Cofense DB.
• Cofense Triage Owner (supplemental) - fetches related Identities and their attributes to a given Indicator Id.
• Cofense Triage Report (supplemental) - fetches related Reports and their attributes to a given Indicator Id.
• Cofense Triage Domains (supplemental) - fetches related FQDNs to a given Report Id.
• Cofense Triage Hostnames (supplemental) - fetches related FQDNs to a given Report Id.
• Cofense Triage URLS (supplemental) - fetches related URLs to a given Report Id.
• Cofense Triage Rules (supplemental) - fetches related Rules and their attributes to a given Report Id.

• Identities
  • Identity Attributes
• Indicators
  • Indicator Attributes
• Reports
  • Report Attributes
• Signatures
  • Signature Attributes