Cofense Triage V2
App Vendor: Cofense Triage V2
App Category: Analytics & SIEM
Connector Version: 1.1.0
API Version: 2.0.0
About App
The Cofense Triage v2 app allows teams to integrate with the Cofense Triage enterprise application. This allows teams to view, create and update, reports, reporters, indicators, and categories
The Cofense Triage V2 app is configured with the Orchestrate application to perform the following actions:
Action Name | Description |
|---|---|
Get All Reports | This action retrieves all reports present on the Cofense Triage application. |
Get Specific Report | This action retrieves a specific report on the Cofense Triage application. |
Download Email | This action downloads the entire raw email report from the Cofense Triage application. |
Download Preview | This action downloads a preview of the email as a png file from the Cofense Triage application. |
Categorize Report | This action categorizes reports on the Cofense Triage application. |
Get All Reporters | This action retrieves all reporters in the system from the Cofense Triage application. |
Get Reporter Attributes | This action retrieves all attributes of a particular reporter from the Cofense Triage application. |
Get URL Information | This action retrieves particular URLs stored in the Cofense Triage application. |
Get All Indicators | This action retrieves all indicators from the Cofense Triage application. |
Get Specific Indicator | This action retrieves information regarding a specific indicator from the Cofense Triage application. |
Delete Indicator | This action deletes an indicator from the Cofense Triage application. |
Get Categories | This action retrieves all categories in the Cofense Triage application. |
Get Specific Category | This action retrieves information about a particular category in the Cofense Triage application. |
Update Report Tag | This action updates a particular report tag from the Cofense Triage application. |
Create Indicator | This action creates an indicator on the Cofense Triage application. |
Update Indicator | This action updates an indicator on the Cofense Triage application. |
Get All URLs | This action retrieves all URLs from the Cofense Triage application. |
Create Comment | This action creates a comment on the Cofense Triage application. |
Update Comment | This action updates a comment on the Cofense Triage application. |
Get a Comment | This action retrieves a comment from the Cofense Triage application. |
List all Comments | This action retrieves all comments from the Cofense Triage application. |
Configuration Parameters
The following configuration parameters are required for the Cofense Triage V2 app to communicate with the Cofense Triage V2 enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Base URL | Enter the base URL of the Cofense Triage application. | Text | Required | |
Client ID | Enter the client ID generated by your Cofense Triage application. | Password | Required | |
Client Secret | Enter the client secret generated by your Cofense Triage application. | Password | Required |
Action: Get All Reports
This action retrieves all reports present on the Cofense Triage application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Limit | Enter the number of responses you want to retrieve. Example: 100 | Integer | Optional | Minimum value: 1 Maximum value: None |
Page | Enter the page number to get results. Example: 2 | Integer | Optional | Minimum value: 1 Maximum value: 200 |
Example Request
[
{
"limit": 100,
"page": 2
}
]Action: Get Specific Report
This action retrieves a specific report on the Cofense Triage application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Report ID | Enter the report ID to retrieve details from the Cofense Triage application. Example: "Sample Report ID" | Text | Required |
Example Request
[
{
"report_id": "Sample Report ID"
}
]Action: Download Email
This action downloads the entire raw email report from the Cofense Triage application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Report ID | Enter the report ID to download. Example: "Sample Report ID" | Text | Required |
Example Request
[
{
"report_id": "Sample Report ID"
}
]Action: Download Preview
This action downloads a preview of the email as a PNG file from the Cofense Triage application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Report ID | Enter the report ID to download the preview. Example: "Sample Report ID" | Text | Required |
Example Request
[
{
"report_id": "Sample Report ID"
}
]Action: Categorize Report
This action categorizes reports on the Cofense Triage application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Report ID | Enter the report ID to categorize. Example: "Sample Report ID" | Text | Required | |
Category | Enter the category ID to assign to this report. Example: "Sample Category ID" | Text | Required | |
Response ID | Enter the response ID to assign to the report. Example: "Sample Response ID" | Text | Required |
Example Request
[
{
"report_id": "Sample Report ID",
"category_id": "Sample Category ID",
"response_id": "Sample Response ID"
}
]Action: Get All Reporters
This action retrieves all reporters in the system from the Cofense Triage application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Limit | Enter the number of responses you want to retrieve. Example: 100 | Integer | Optional | |
Page | Enter the page number to get results. Example: 2 | Integer | Optional |
Example Request
[
{
"limit": 100,
"page": 2
}
]Action: Get Reporter Attributes
This action retrieves all attributes of a particular reporter from the Cofense Triage application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Reporter ID | Enter the reporter ID to get the attributes. Example: "Sample Reporter ID" | Text | Required |
Example Request
[
{
"reporter_id": "Sample Reporter ID"
}
]Action: Get URL Information
This action retrieves particular URLs stored in the Cofense Triage application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
URL ID | Enter the URL ID to retrieve details. Example: "Sample URL ID" | Text | Required |
Example Request
[
{
"url_id": "Sample URL ID"
}
]Action: Get All Indicators
This action retrieves all indicators from the Cofense Triage application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Limit | Enter the number of responses you want to retrieve. Example: 100 | Integer | Optional | |
Page | Enter the page number to get results. Example: 2 | Integer | Optional |
Example Request
[
{
"limit": 100,
"page": 2
}
]Action: Get Specific Indicator
This action retrieves information regarding a specific indicator from the Cofense Triage application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Indicator ID | Enter the indicator ID to retrieve details. Example: "Sample Indicator ID" | Text | Required |
Example Request
[
{
"indicator_id": "Sample Indicator ID"
}
]Action: Delete Indicator
This action deletes an indicator from the Cofense Triage application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Indicator ID | Enter the indicator ID to delete. Example: "Sample Indicator ID" | Text | Required |
Example Request
[
{
"indicator_id": "Sample Indicator ID"
}
]Action: Get Categories
This action retrieves all categories in the Cofense Triage application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Page | Enter the page number to get results. Example: 2 | Integer | Optional | |
Limit | Enter the number of responses you want to retrieve. Example: 100 | Integer | Optional |
Example Request
[
{
"page": 2,
"limit": 100
}
]Action: Get Specific Category
This action retrieves information about a particular category in the Cofense Triage application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Category ID | Enter the category ID to retrieve details. Example: "Sample Category ID" | Text | Required |
Example Request
[
{
"category_id": "Sample Category ID"
}
]Action: Update Report Tag
This action updates a particular report tag from the Cofense Triage application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Report ID | Enter the report ID to update the tag report. Example: "Sample Report ID" | Text | Required | |
Tags | Enter the list of tags to update the report. Example: "Example Tag" | List | Required |
Example Request
[
{
"report_id": "Sample Report ID",
"tags": "Example Tag"
}
]Action: Create Indicator
This action creates an indicator on the Cofense Triage application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Threat Level | Enter the threat level of the indicator. Example: "Sample Threat Level" | Text | Required | |
Threat Type | Enter the threat type of the indicator. Example: "Sample Threat Type" | Text | Required | |
Threat Value | Enter the threat value of the indicator. Example: "Sample Threat Value" | Text | Required | |
Threat Source | Enter the threat source of the indicator. Example: "Sample Threat Source" | Text | Required |
Example Request
[
{
"threat_level": "Sample Threat Level",
"threat_type": "Sample Threat Type",
"threat_value": "Sample Threat Value",
"threat_source": "Sample Threat Source"
}
]Action: Update Indicator
This action updates an indicator on the Cofense Triage application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Indicator ID | Enter the indicator ID to update the Indicator. Example: "Sample Indicator ID" | Text | Required | |
Threat Level | Enter the threat level for the indicator. Example: "Sample Threat Level" | Text | Required | |
Threat Source | Enter the threat source for the indicator. Example: "Sample Threat Source" | Text | Required |
Example Request
[
{
"indicator_id": "Sample Indicator ID",
"threat_level": "Sample Threat Level",
"threat_source": "Sample Threat Source"
}
]Action: Get All URLs
This action retrieves all URLs from the Cofense Triage application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Limit | Enter the number of responses you want to retrieve. Example: 100 | Integer | Optional | |
Page | Enter the page number to get results. Example: 2 | Integer | Optional |
Example Request
[
{
"limit": 100,
"page": 2
}
]Action: Create Comment
This action creates a comment on the Cofense Triage application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Indicator ID | Enter the indicator ID to create a comment. Example: "sample indicator ID" | Text | Required | |
Body | Enter the comment. Example: "sample comment" | Text | Required | |
Body Format | Enter the type of the comment. Example: "text" | Text | Optional | Allowed values:
Default value: "text" |
Tags | Enter the tags assigned to the comment. Example: "sample tag" | Text | Optional | Default value: None |
Example Request
[
{
"indicator_id": "sample indicator ID",
"body": "sample comment",
"body_format": "text",
"tags": "sample tag"
}
]Action: Update Comment
This action updates a comment on the Cofense Triage application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Comment ID | Enter the comment ID you want to update. Example: "sample comment ID" | Text | Required | |
Body | Enter the comment. Example: "sample comment" | Text | Required | |
Body Format | Enter the type of the comment. Example: "text" | Text | Optional | Allowed values:
Default value: "text" |
Tags | Enter the tags assigned to the comment. Example: "sample tag" | Text | Optional | Default value: None |
Example Request
[
{
"comment_id": "sample comment ID",
"body": "sample comment",
"body_format": "text",
"tags": "sample tag"
}
]Action: Get a Comment
This action retrieves a comment from the Cofense Triage application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Comment ID | Enter the comment ID to be retrieved. Example: "sample comment ID" | Text | Required |
Example Request
[
{
"comment_id": "sample comment ID"
}
]Action: List all Comments
This action retrieves all comments from the Cofense Triage application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Limit | Enter the response limit for the number of comments to be retrieved. Example: 10 | Integer | Optional | |
Page | Enter the page to return. Example: 1 | Integer | Optional |
Example Request
[
{
"limit": 10,
"page": 1
}
]