Cofense provides prevention and awareness solutions to help organizations protect their data from phishing attacks. Cofense Reporter makes it easy for employees to report potential phishing emails to the SOC.
NextGen SOAR Integration
D3’s integration with Cofense enables rapid response to potential phishing emails. D3’s phishing playbooks automatically enrich alerts and orchestrate the appropriate response. D3 can also query Cofense Triage in order to collect up-to-the-minute intelligence on phishing campaigns. The result is an end-to-end solution for catching phishing attacks before they do real damage.
Escalate phishing emails to D3 for triage and risk scoring
Trigger phishing-specific playbooks to automate response
Query Cofense for intelligence on phishing campaigns
Enrich phishing incidents with integrated intelligence sources and MITRE ATT&CK correlations
Detonate potentially malicious files in integrated sandboxes
Key Use Case
Phishing Email Analysis and Response
When a phishing attempt is reported to the SOC via Cofense Reporter, an analyst can trigger an automated phishing playbook in D3 that parses out the elements of the email, including the potentially malicious attached file. The file is then uploaded to an integrated sandbox for detonation and analysis. If it is confirmed as a genuine incident, D3 can then run the appropriate response playbook. This may include searching endpoints for any additional instances of the malicious file.
Meet Our Friends
Our Connected SOAR Security Alliance brings hundreds of vendors together, allowing customers to benefit from our deep industry relationships and fully vendor-agnostic, independent SOAR platform.