Cofense

Suggest Edits

📘

TL;DR

To integrate Cofense with Query

  • Setup the required connection parameters for Cofense mentioned in the 'Prerequisites' section of this document.
  • Add a Cofense connection source in Query with the connection parameters.
  • Test the integration with Test Connection link.
  • Perform searches for malicious emails using to, cc, and subject as search parameters

Overview

Cofense is a cybersecurity company that provides solutions for phishing defense and threat intelligence. By integrating with Query, you search for:

  • names
  • email addresses
  • devices
  • file hashes.

Prerequisites

To add Cofense as a connection source in Query, make sure you have the following connection parameters:

  • Base URL :Cofense Triage API Server URL. eg.[<https://reltest6.phishmecloud.com>](https://reltest6.phishmecloud.com
  • Client ID :Client ID of the API application.
  • Client Secret :Client secret of the API application.

Adding a connection source in Query

  1. Go to the Connections page, click Add Connections, and select Cofense from Email Security category.
  2. In the General tab, add the following details:
    • Base URL :Cofense Triage API Server URL. eg.[<https://reltest6.phishmecloud.com>](https://reltest6.phishmecloud.com
    • Client ID :Client ID of the API application.
    • Client Secret :Client secret of the API application.
  3. Click the Save button on the top right corner of the screen to save the connection source.
  4. To test the connection credentials, click on 'Test Connection.' You will see a successful connection message if the credentials are valid. If the test connection fails, then check if the connection parameters are correct. If necessary, change appropriately and retest.

Resources

https://cofense.com/knowledge-center-hub/

Updated 4 months ago