• Last Updated
    Dec 10, 2024
  • Version
    1.1.6
  • Compatibility
    ThreatQ versions >= 4.38.0
  • Cofense Triage

    Overview

    The Cofense Triage CDF for ThreatQ ingests Identities, Indicators, Reports and Signature objects as well as their attributes. Cofense Triage, a phishing-specific incident response platform, helps stop active phishing attacks in progress. By leveraging real-time, internally reported attack intelligence from conditioned users, Cofense Triage makes it easy to stop phishing attacks in progress by eliminating the noise of the abuse mailbox, automating standard responses, and orchestrating across other security systems to quickly respond to and eliminate phishing threats.

    The integration provides the following feeds:
    • Cofense Triage - fetches all the indicators present in the Cofense DB.
    • Cofense Triage Owner (supplemental) - fetches the Identities related to a given Indicator Id, along with their attributes.
    • Cofense Triage Report (supplemental) - fetches the Reports related to a given Indicator Id, along with their attributes.
    • Cofense Triage Domains (supplemental) - fetches the FQDNs related to a given Report Id.
    • Cofense Triage Hostnames (supplemental) - fetches the FQDNs related to a given Report Id.
    • Cofense Triage URLS (supplemental) - fetches the URLs related to a given Report Id.
    • Cofense Triage Rules (supplemental) - fetches the Rules related to a given Report Id, along with their attributes.

    The integration ingests the following system objects:
    • Identities
      • Identity Attributes
    • Indicators
      • Indicator Attributes
    • Reports
      • Report Attributes
    • Signatures
      • Signature Attributes

    Copyright © 2025, ThreatQuotient, Inc. All Rights Reserved.