Cofense Integration

XGEN SOAR Integration

D3’s integration with Cofense enables rapid response to potential phishing emails. D3’s phishing playbooks automatically enrich alerts and orchestrate the appropriate response. D3 can also query Cofense Triage in order to collect up-to-the-minute intelligence on phishing campaigns. The result is an end-to-end solution for catching phishing attacks before they do real damage.
Integration features

1. Escalate phishing emails to D3 for triage and risk scoring
2. Trigger phishing-specific playbooks to automate response
3. Query Cofense for intelligence on phishing campaigns
4. Enrich phishing incidents with integrated intelligence sources and MITRE ATT&CK correlations
5. Detonate potentially malicious files in integrated sandboxes

Key Use Case

#1: Phishing Email Analysis and Response

When a phishing attempt is reported to the SOC via Cofense Reporter, an analyst can trigger an automated phishing playbook in D3 that parses out the elements of the email, including the potentially malicious attached file. The file is then uploaded to an integrated sandbox for detonation and analysis. If the report is confirmed as a genuine incident, D3 can then run the appropriate response playbook. This may include searching endpoints for any additional instances of the malicious file.