Cofense

📘

TL;DR

To integrate Cofense with Query

  • Setup the required connection parameters for Cofense mentioned in the 'Prerequisites' section of this document.
  • Add a Cofense connection source in Query with the connection parameters.
  • Test the integration with Test Connection link.
  • Perform searches for malicious emails using to, cc, and subject as search parameters

Overview

Cofense is a cybersecurity company that provides solutions for phishing defense and threat intelligence. By integrating with Query, you search for:

  • names
  • email addresses
  • devices
  • file hashes.

Prerequisites

To add Cofense as a connection source in Query, make sure you have the following connection parameters:

Adding a connection source in Query

  1. Go to the Connections page, click Add Connections, and select Cofense from Email Security category.
  2. In the General tab, add the following details:
  3. Click the Save button on the top right corner of the screen to save the connection source.
  4. To test the connection credentials, click on 'Test Connection.' You will see a successful connection message if the credentials are valid. If the test connection fails, then check if the connection parameters are correct. If necessary, change appropriately and retest.

Resources

https://cofense.com/knowledge-center-hub/