Cofense Triage v2
Use the Cofense Triage integration to ingest reported phishing indicators.
Data Enrichment & Threat Intelligence · Cofense Triage
Configuration parameters
host— Server URL (e.g., https://192.168.0.1) (required)user— User (required)token— API Token (required)isFetch— Fetch incidentsincidentType— Incident typemailbox_location— Mailbox Location (required)date_range— First fetch time (<number> <time unit>, e.g., 12 hours, 7 days, 3 months, 1 year)category_id— Category ID to fetchmatch_priority— Match Priority - the highest match priority based on rule hits for the reporttags— Tags - CSV list of tags of processed reports by which to filtermax_fetch— Maximum number of incidents to fetch each timeinsecure— Trust any certificate (not secure)proxy— Use system proxy settings
Commands (7)
-
cofense-get-attachmentRetrieves an attachment by the attachment ID number.
-
cofense-get-report-by-idRetrieves a report by the report ID number.
-
cofense-get-report-png-by-idRetrieves a report by the report ID number and displays as PNG.
-
cofense-get-reporterRetrieves Email address of the reporter by ID.
-
cofense-get-threat-indicatorsThreat Indicators that are designated by analysts as malicious, suspicious or benign.
-
cofense-search-inbox-reportsRuns a query for reports from the `inbox` mailbox.
-
cofense-search-reportsRuns a query for reports.