Cofense
TL;DR
To integrate Cofense with Query
- Setup the required connection parameters for Cofense mentioned in the 'Prerequisites' section of this document.
- Add a Cofense connection source in Query with the connection parameters.
- Test the integration with Test Connection link.
- Perform searches for malicious emails using to, cc, and subject as search parameters
Overview
Cofense is a cybersecurity company that provides solutions for phishing defense and threat intelligence. By integrating with Query, you search for:
- names
- email addresses
- devices
- file hashes.
Prerequisites
To add Cofense as a connection source in Query, make sure you have the following connection parameters:
- Base URL :Cofense Triage API Server URL. eg.[<https://reltest6.phishmecloud.com>](https://reltest6.phishmecloud.com
- Client ID :Client ID of the API application.
- Client Secret :Client secret of the API application.
Adding a connection source in Query
- Go to the Connections page, click Add Connections, and select Cofense from Email Security category.
- In the General tab, add the following details:
- Base URL :Cofense Triage API Server URL. eg.[<https://reltest6.phishmecloud.com>](https://reltest6.phishmecloud.com
- Client ID :Client ID of the API application.
- Client Secret :Client secret of the API application.
- Click the Save button on the top right corner of the screen to save the connection source.
- To test the connection credentials, click on 'Test Connection.' You will see a successful connection message if the credentials are valid. If the test connection fails, then check if the connection parameters are correct. If necessary, change appropriately and retest.
Resources
Updated 8 months ago