Cofense Triage
App Vendor: Cofense
App Category: Date Enrichment and Threat Intelligence
Connector Version: 1.0.0
API Version: 2.0.0
Cofense Triage application allows security teams to quickly catch the phishing emails that bypass your organization's email gateway. Cofense delivers the technology and advanced insight needed to rapidly detect, analyze, and auto-quarantine phishing attacks.
The Cofense Triage app for the Orchestrate allows security teams to connect with the Cofense Triage enterprise application to perform the below-listed actions.
Action Name | Description |
|---|---|
Get All Reporters | This action retrieves all reporters in the system. |
Get All URLs | This action retrieves all URLs from Cofense Triage. |
Update Indicator | This action updates an indicator on Cofense Triage. |
Create Indicator | This action creates an indicator on Cofense Triage. |
Update Report Tag | This action updates a particular report's tag. |
Get Specific Category | This action retrieves information about a particular category in Cofense Triage. |
Get Categories | This action retrieves all categories in Cofense Triage. |
Delete Indicator | This action deletes an indicator from Cofense Triage. |
Get Specific Indicator | This action retrieves information regarding a specific indicator. |
Get All Indicators | This action can be used to get all indicators from Cofense Triage. |
Get URL Information | This action retrieves particular URLs stored in Cofense Triage. |
Get Reporter Attributes | This action retrieves all attributes of a particular reporter. |
Categorize Report | This action categorizes reports from Cofense Triage. |
Download Preview | This action downloads a preview of the email as a PNG file. |
Download Email | This action downloads the entire raw email report from Cofense Triage. |
Get Specific Report | This action gets a specific report from Cofense Triage. |
Get All Reports | This action gets all reports present in Cofense Triage. |
Configuration Parameters
The following configuration parameters are required for the Cofense Triage app. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Base URL | Enter the Base URL for the Cofense Triage application instance. | Text | Required | |
Client ID | Enter the client ID to authenticate with Cofense. | Text | Required | |
Client Secret | Enter the secret key for the client. | Password | Required |
Action: Get All Reporters
This action retrieves all reporters in the system.
Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Limit | Enter the limit for responses. | Text | Optional | |
Page | Enter the page number to get the responses. | Text | Optional |
Example Request
[
{
"limit":"30"
"page":"10"
}
]Action: Get all URLs
This action retrieves all URLs from Cofense Triage.
Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Limit | Enter the limit for responses. | Text | Optional | |
Page | Enter the page number to get the responses. | Text | Optional |
Example Request
[
{
"limit":"30"
"page":"10"
}
]Action: Update Indicator
This action updates an indicator on Cofense Triage.
Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Indicator ID | Enter the ID for the indicators to update. | Text | Required | |
Threat Level | Enter the Threat Level for the Indicator. | Text | Required | Allowed values:
|
Threat Source | Enter the Threat Source for the Indicator. | Text | Required |
Example Request
[
{
"indicator_id": "390",
"threat_level": "Malicious",
"threat_source": "New-Source-updated"
}
]Action: Create Indicator
This action creates an indicator on Cofense Triage.
Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Threat Level | Enter the Threat Level for the Indicator. | Text | Required | |
Threat Type | Enter the Threat Type for the Indicator. | Text | Required | Allowed values:
|
Threat Value | Enter the Threat Value for the Indicator. | Text | Required | |
Threat Source | Enter the Threat Source for the Indicator. | Text | Required |
Example Request
[
{
"threat_type": "URL",
"threat_level": "Malicious",
"threat_value": "https://www.thismightbeamaliciousite.com",
"threat_source": "New-Source-1"
}
]Action: Update Report Tag
This action updates a particular report's tag.
Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Report ID | Specify the report ID you need to update the tag. | Text | Required | |
Tags | Enter the list of Tags that need to be updated. | Any | Required |
Example Request
[
{
"tags": "exmapleaddtagg",
"report_id": "4"
}
]Action: Get Specific Category
This action retrieves information about a particular category in Cofense Triage.
Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Category ID | Specify the category ID to get details. | Text | Required |
Example Request
[
{
"category_id": "10"
}
]Action: Get Categories
This action retrieves all categories in Cofense Triage.
Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Limit | Enter the limit for responses. | Text | Optional | |
Page | Enter the page number to get the responses. | Text | Optional |
Example Request
[
{
"limit":"30"
"page":"10"
}
]Action: Delete Indicator
This action deletes an indicator from Cofense Triage.
Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Indicator ID | Specify the Indicator ID to delete. | Text | Required |
Example Request
[
{
"indicator_id": "390"
}
]Action: Get Specific Indicator
This action retrieves information regarding a specific indicator.
Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Indicator ID | Specify the Indicator ID to get the details. | Text | Required |
Example Request
[
{
"indicator_id": "1"
}
]Action: Get All Indicators
This action retrieves all indicators from Cofense Triage.
Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Limit | Enter the limit for responses. | Text | Optional | |
Page | Enter the page number to get the responses. | Text | Optional |
Example Request
[
{
"limit":"30"
"page":"10"
}
]Action: Get URL Information
This action retrieves particular URLs stored in Cofense Triage.
Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
URL ID | Enter the URL ID to get information about the URL. | Text | Required |
Example Request
[
{
"url_id": "15"
}
]Action: Get Reporter Attributes
This action retrieves all attributes of a particular reporter.
Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Reporter ID | Enter the ID of the reporter to get attributes. | Text | Required |
Example Request
[
{
"reporter_id": "4"
}
]Action: Categorize Report
This action categorizes reports from Cofense Triage.
Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Report ID | Specify the report ID you want to categorize. | Text | Required | |
Category | Specify the category ID for categorizing the report. | Text | Required | |
Response ID | Specify the Response ID. | Text | Required |
Example Request
[
{
"report_id": "4",
"category_id": "2",
"response_id": "1"
}
]Action: Download Preview
This action downloads a preview of the email as a PNG file
Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Report ID | Specify the report ID you want to download preview. | Text | Required |
Example Request
[
{
"report_id": "4"
}
]Action: Download Email
This action downloads the entire raw email report from Cofense Triage.
Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Report ID | Enter the report ID to download the email. | Text | Required |
Example Request
[
{
"report_id": "4"
}
]Action: Get Specific Report
This action retrieves a specific report from Cofense Triage.
Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Report ID | Enter the report ID to get details of the report. | Text | Required |
Example Request
[
{
"report_id": "4"
}
]Action: Get all Reports
This action retrieves all reports present in Cofense Triage.
Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Limit | Enter the limit for responses. | Text | Optional | |
Page | Enter the page number to get the responses. | Text | Optional |
Example Request
[
{
"limit":"30"
"page":"10"
}
]