Cofense Triage™, a phishing detection and response (PDR) platform, accelerates phishing email identification and mitigation. Cofense Triage finds the phish that secure email gateways (SEGs) miss. With Cofense Triage, security teams speed analysis of user-reported emails, find real phish faster, and respond more effectively. Cofense Triage gives incident responders the ability to act on all phishing alerts quickly by automating threat qualification and investigation. SOC teams can focus on interpreting results and responding to phishing threats effectively. As soon as a suspicious email is reported, thousands of intelligence-driven YARA rules automatically assess the report, clustering it with reports containing similar payloads and surfacing the highest priority threats for immediate action.
The integration with ServiceNow Security Incident Response (SIR) allows SOCs to ingest reported phishing emails from Cofense Triage’s inbox, reconnaissance, and processed queues. Security incident response tickets can be created based on the threats uncovered by Cofense Triage, starting at the cluster level. SOC analysts working incidents in ServiceNow will be able to view the email threat, download attributes, ingest threat indicators, run playbooks, prioritize workflow based on security categorization and severity, and bidirectionally communicate with Cofense Triage to update reported phishing incidents. Empower SOCs with Cofense Triage’s industry-leading phishing-specific analysis and response, and operationalize incident response workflow with ServiceNow Security Incident Response.
- Ingest employee-reported phishing emails from Cofense Triage™ based on severity, category, threat indicators, and reporter reputation.
- Create security incidents in ServiceNow Security Incident Response (SIR) from events in Cofense Triage’s inbox, reconnaissance, and processed queues (including clusters).
- Ingest phishing threat indicators (including 2nd stage indicators found in report comments) from Cofense Triage into ServiceNow SIR to enrich and operationalize incident response.
- Run Cofense Triage playbook from ServiceNow SIR to categorize reports, respond to reporters, and tag reports and clusters in Cofense Triage.
- Update and process phishing emails in Cofense Triage from ServiceNow SIR.
- Bidirectionally manage phishing threat indicators and observables between Cofense Triage and ServiceNow SIR.
- Provided support for the Washington DC release
- Bug fixes
Cofense Triage version 1.26 or greater in an on-premises or Cofense-managed PDR. Cofense Triage API version 2.0.