Phishing Email Analysis and Response
When a phishing attempt is reported to the SOC via Cofense Reporter, an analyst can trigger an automated phishing playbook in D3 that parses out the elements of the email, including the potentially malicious attached file. The file is then uploaded to an integrated sandbox for detonation and analysis. If it is confirmed as a genuine incident, D3 can then run the appropriate response playbook. This may include searching endpoints for any additional instances of the malicious file.