Cofense Triage

This app supports investigative actions that enable the security teams to analyze and respond to phishing faster

Supported Actions

• test connectivity: Validate the asset configuration for connectivity using the supplied configuration
• on poll: Callback action for the on_poll ingest functionality
• get threat indicators: Retrieve the subjects, senders, domains, URLs, or MD5 or SHA256 hashes that operators identified in Cofense Triage as threat indicators within a specified timeframe
• get reports: Retrieve all reports in the Inbox, Recon, and Processed folders that match specified parameters
• get report: Retrieve a single report that matches the specified report ID. Optionally ingest to a provided label
• get email: Downloads the raw email attachment for the report that matches the specified report ID
• get file: Downloads and vault the attachment that matches the specified attachment ID
• get reporters: Retrieves information about reporters, such as their email address and credit score, whether they are VIP reporters, how many reports they reported, and the date and time of their last report
• get reporter: Retrieve reporter that matches the specified reporter ID
• run query: Retrieve integration results based on the specified hash (MD5 or SHA256) or URL. Specify only one parameter (sha256, md5, or URL) with this method