Welcome to the new Splunkbase! To return to the old Splunkbase, click here.
Cofense Vision app icon

Cofense Vision

This app implements investigative and generic actions to quarantine emails, manage IOCs, search messages, download messages and their attachments

Built by
soar product badge
Latest Version 1.0.1
March 16, 2023
Compatibility
Not Available
Platform Version: 7.1, 7.0, 6.4, 6.3, 6.2, 6.1, 6.0, 5.5
Rating

0

(0)

Log in to rate this app
Support
Cofense Vision support icon
Developer Supported connector
Ranking

#23

in Email
This app implements investigative and generic actions to quarantine emails, manage IOCs, search messages, download messages and their attachments

Supported Actions

  • test connectivity: Validate the asset configuration for connectivity using supplied configuration
  • get message metadata: Retrieves the metadata of the message that matches the specified internet message ID and recipient email address
  • get message: Fetches full content of an email and saves it as a zip file to the Vault
  • get message attachment: Fetches an attachment by using its MD5 or SHA256 hash and saves it to the Vault
  • list quarantine jobs: Fetches a list of matching quarantine jobs
  • create quarantine job: Creates a new quarantine job
  • restore quarantine job: Restores emails quarantined by the job identified by the ID
  • list message searches: Retrieves the list of searches
  • get message search: Retrieves the search identified by an ID
  • get quarantine job: Retrieves quarantine job identified by the ID
  • approve quarantine job: Approves the quarantine job identified by the ID. When the Auto Quarantine feature is configured to require manual approvals, this endpoint can approve the pending quarantine jobs
  • delete quarantine job: Deletes the quarantine job identified by the ID
  • get messagesearch results: Retrieves the results for the search identified by the search ID
  • delete ioc: Deletes a single active or expired IOC from the local IOC Repository
  • stop quarantine job: Issues a request to stop the quarantine job identified by ID
  • create message search: Creates a new search based on the user-specified filters
  • get last ioc: Retrieves the last updated IOC from the local IOC Repository. It may return an active or an expired IOC
  • update iocs: Updates one or more IOCs stored in the local IOC repository
  • update ioc: Updates the IOC identified by its unique MD5 ID
  • list iocs: Lists the IOCs stored in the local IOC Repository
  • get ioc: Retrieves the IOC identified by its unique MD5 ID
  • list searchable headers: Retrieves a list of configured header keys that can be used to create a message search
  • download logs: Downloads the log files for all Cofense Vision components

Categories

Created By

SOAR Community

Source Code

cofensevision(Opens new window)

Type

connector

Downloads

345

Licensing

Apache License Version 2.0(Opens new window)

Splunk Answers

Ask a question about this app listing(Opens new window)

Resources

Log in to report this app listing