Skip to main content

Cyware Orchestrate

Cofense Triage V2

App Vendor: Cofense Triage V2

App Category: Analytics & SIEM

Connector Version: 1.1.0

API Version: 2.0.0

About App

The Cofense Triage v2 app allows teams to integrate with the Cofense Triage enterprise application. This allows teams to view, create and update, reports, reporters, indicators, and categories

The Cofense Triage V2 app is configured with the Orchestrate application to perform the following actions:

Action Name

Description

Get All Reports

This action retrieves all reports present on the Cofense Triage application.

Get Specific Report

This action retrieves a specific report on the Cofense Triage application.

Download Email

This action downloads the entire raw email report from the Cofense Triage application.

Download Preview

This action downloads a preview of the email as a png file from the Cofense Triage application.

Categorize Report

This action categorizes reports on the Cofense Triage application.

Get All Reporters

This action retrieves all reporters in the system from the Cofense Triage application.

Get Reporter Attributes

This action retrieves all attributes of a particular reporter from the Cofense Triage application.

Get URL Information

This action retrieves particular URLs stored in the Cofense Triage application.

Get All Indicators

This action retrieves all indicators from the Cofense Triage application.

Get Specific Indicator

This action retrieves information regarding a specific indicator from the Cofense Triage application.

Delete Indicator

This action deletes an indicator from the Cofense Triage application.

Get Categories

This action retrieves all categories in the Cofense Triage application.

Get Specific Category

This action retrieves information about a particular category in the Cofense Triage application.

Update Report Tag

This action updates a particular report tag from the Cofense Triage application.

Create Indicator

This action creates an indicator on the Cofense Triage application.

Update Indicator

This action updates an indicator on the Cofense Triage application.

Get All URLs

This action retrieves all URLs from the Cofense Triage application.

Create Comment

This action creates a comment on the Cofense Triage application.

Update Comment

This action updates a comment on the Cofense Triage application.

Get a Comment

This action retrieves a comment from the Cofense Triage application.

List all Comments

This action retrieves all comments from the Cofense Triage application.

Configuration Parameters

The following configuration parameters are required for the Cofense Triage V2 app to communicate with the Cofense Triage V2 enterprise application. The parameters can be configured by creating instances in the app.

Parameter

Description

Field Type

Required/Optional

Comments

Base URL

Enter the base URL of the Cofense Triage application.

Text

Required

Client ID

Enter the client ID generated by your Cofense Triage application.

Password

Required

Client Secret

Enter the client secret generated by your Cofense Triage application.

Password

Required

Action: Get All Reports

This action retrieves all reports present on the Cofense Triage application.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Limit

Enter the number of responses you want to retrieve.

Example:

100

Integer

Optional

Minimum value: 1

Maximum value: None

Page

Enter the page number to get results.

Example:

2

Integer

Optional

Minimum value: 1

Maximum value: 200

Example Request

[
    {
        "limit": 100,
        "page": 2
    }
]
Action: Get Specific Report

This action retrieves a specific report on the Cofense Triage application.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Report ID

Enter the report ID to retrieve details from the Cofense Triage application.

Example:

"Sample Report ID"

Text

Required

Example Request

[
    {
        "report_id": "Sample Report ID"
    }
]
Action: Download Email

This action downloads the entire raw email report from the Cofense Triage application.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Report ID

Enter the report ID to download.

Example:

"Sample Report ID"

Text

Required

Example Request

[
    {
        "report_id": "Sample Report ID"
    }
]
Action: Download Preview

This action downloads a preview of the email as a PNG file from the Cofense Triage application.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Report ID

Enter the report ID to download the preview.

Example:

"Sample Report ID"

Text

Required

Example Request

[
    {
        "report_id": "Sample Report ID"
    }
]
Action: Categorize Report

This action categorizes reports on the Cofense Triage application.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Report ID

Enter the report ID to categorize.

Example:

"Sample Report ID"

Text

Required

Category

Enter the category ID to assign to this report.

Example:

"Sample Category ID"

Text

Required

Response ID

Enter the response ID to assign to the report.

Example:

"Sample Response ID"

Text

Required

Example Request

[
    {
        "report_id": "Sample Report ID",
        "category_id": "Sample Category ID",
        "response_id": "Sample Response ID"
    }
]
Action: Get All Reporters

This action retrieves all reporters in the system from the Cofense Triage application.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Limit

Enter the number of responses you want to retrieve.

Example:

100

Integer

Optional

Page

Enter the page number to get results.

Example:

2

Integer

Optional

Example Request

[
    {
        "limit": 100,
        "page": 2
    }
]
Action: Get Reporter Attributes

This action retrieves all attributes of a particular reporter from the Cofense Triage application.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Reporter ID

Enter the reporter ID to get the attributes.

Example:

"Sample Reporter ID"

Text

Required

Example Request

[
    {
        "reporter_id": "Sample Reporter ID"
    }
]
Action: Get URL Information

This action retrieves particular URLs stored in the Cofense Triage application.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

URL ID

Enter the URL ID to retrieve details.

Example:

"Sample URL ID"

Text

Required

Example Request

[
    {
        "url_id": "Sample URL ID"
    }
]
Action: Get All Indicators

This action retrieves all indicators from the Cofense Triage application.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Limit

Enter the number of responses you want to retrieve.

Example:

100

Integer

Optional

Page

Enter the page number to get results.

Example:

2

Integer

Optional

Example Request

[
    {
        "limit": 100,
        "page": 2
    }
]
Action: Get Specific Indicator

This action retrieves information regarding a specific indicator from the Cofense Triage application.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Indicator ID

Enter the indicator ID to retrieve details.

Example:

"Sample Indicator ID"

Text

Required

Example Request

[
    {
        "indicator_id": "Sample Indicator ID"
    }
]
Action: Delete Indicator

This action deletes an indicator from the Cofense Triage application.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Indicator ID

Enter the indicator ID to delete.

Example:

"Sample Indicator ID"

Text

Required

Example Request

[
    {
        "indicator_id": "Sample Indicator ID"
    }
]
Action: Get Categories

This action retrieves all categories in the Cofense Triage application.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Page

Enter the page number to get results.

Example:

2

Integer

Optional

Limit

Enter the number of responses you want to retrieve.

Example:

100

Integer

Optional

Example Request

[
    {
        "page": 2,
        "limit": 100
    }
]
Action: Get Specific Category

This action retrieves information about a particular category in the Cofense Triage application.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Category ID

Enter the category ID to retrieve details.

Example:

"Sample Category ID"

Text

Required

Example Request

[
    {
        "category_id": "Sample Category ID"
    }
]
Action: Update Report Tag

This action updates a particular report tag from the Cofense Triage application.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Report ID

Enter the report ID to update the tag report.

Example:

"Sample Report ID"

Text

Required

Tags

Enter the list of tags to update the report.

Example:

"Example Tag"

List

Required

Example Request

[
    {
        "report_id": "Sample Report ID",
        "tags": "Example Tag"
    }
]
Action: Create Indicator

This action creates an indicator on the Cofense Triage application.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Threat Level

Enter the threat level of the indicator.

Example:

"Sample Threat Level"

Text

Required

Threat Type

Enter the threat type of the indicator.

Example:

"Sample Threat Type"

Text

Required

Threat Value

Enter the threat value of the indicator.

Example:

"Sample Threat Value"

Text

Required

Threat Source

Enter the threat source of the indicator.

Example:

"Sample Threat Source"

Text

Required

Example Request

[
    {
        "threat_level": "Sample Threat Level",
        "threat_type": "Sample Threat Type",
        "threat_value": "Sample Threat Value",
        "threat_source": "Sample Threat Source"
    }
]
Action: Update Indicator

This action updates an indicator on the Cofense Triage application.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Indicator ID

Enter the indicator ID to update the Indicator.

Example:

"Sample Indicator ID"

Text

Required

Threat Level

Enter the threat level for the indicator.

Example:

"Sample Threat Level"

Text

Required

Threat Source

Enter the threat source for the indicator.

Example:

"Sample Threat Source"

Text

Required

Example Request

[
    {
        "indicator_id": "Sample Indicator ID",
        "threat_level": "Sample Threat Level",
        "threat_source": "Sample Threat Source"
    }
]
Action: Get All URLs

This action retrieves all URLs from the Cofense Triage application.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Limit

Enter the number of responses you want to retrieve.

Example:

100

Integer

Optional

Page

Enter the page number to get results.

Example:

2

Integer

Optional

Example Request

[
    {
        "limit": 100,
        "page": 2
    }
]
Action: Create Comment

This action creates a comment on the Cofense Triage application.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Indicator ID

Enter the indicator ID to create a comment.

Example:

"sample indicator ID"

Text

Required

Body

Enter the comment.

Example:

"sample comment"

Text

Required

Body Format

Enter the type of the comment.

Example:

"text"

Text

Optional

Allowed values:

  • text

  • json

Default value:

"text"

Tags

Enter the tags assigned to the comment.

Example:

"sample tag"

Text

Optional

Default value:

None

Example Request

[
    {
        "indicator_id": "sample indicator ID",
        "body": "sample comment",
        "body_format": "text",
        "tags": "sample tag"
    }
]
Action: Update Comment

This action updates a comment on the Cofense Triage application.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Comment ID

Enter the comment ID you want to update.

Example:

"sample comment ID"

Text

Required

Body

Enter the comment.

Example:

"sample comment"

Text

Required

Body Format

Enter the type of the comment.

Example:

"text"

Text

Optional

Allowed values:

  • text

  • json

Default value:

"text"

Tags

Enter the tags assigned to the comment.

Example:

"sample tag"

Text

Optional

Default value:

None

Example Request

[
    {
        "comment_id": "sample comment ID",
        "body": "sample comment",
        "body_format": "text",
        "tags": "sample tag"
    }
]
Action: Get a Comment

This action retrieves a comment from the Cofense Triage application.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Comment ID

Enter the comment ID to be retrieved.

Example:

"sample comment ID"

Text

Required

Example Request

[
    {
        "comment_id": "sample comment ID"
    }
]
Action: List all Comments

This action retrieves all comments from the Cofense Triage application.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Limit

Enter the response limit for the number of comments to be retrieved.

Example:

10

Integer

Optional

Page

Enter the page to return.

Example:

1

Integer

Optional

Example Request

[
    {
        "limit": 10,
        "page": 1
    }
]