Smart SOAR Integration

D3’s integration with Cofense enables rapid response to potential phishing emails. D3’s phishing playbooks automatically enrich alerts and orchestrate the appropriate response. D3 can also query Cofense Triage in order to collect up-to-the-minute intelligence on phishing campaigns. The result is an end-to-end solution for catching phishing attacks before they do real damage.

Cofense Integration

Integration features

Escalate phishing emails to D3 for triage and risk scoring
Trigger phishing-specific playbooks to automate response
Query Cofense for intelligence on phishing campaigns
Enrich phishing incidents with integrated intelligence sources and MITRE ATT&CK correlations
Detonate potentially malicious files in integrated sandboxes

Key Use Case


Phishing Email Analysis and Response

When a phishing attempt is reported to the SOC via Cofense Reporter, an analyst can trigger an automated phishing playbook in D3 that parses out the elements of the email, including the potentially malicious attached file. The file is then uploaded to an integrated sandbox for detonation and analysis. If it is confirmed as a genuine incident, D3 can then run the appropriate response playbook. This may include searching endpoints for any additional instances of the malicious file.

Meet Our Friends

Our Connected SOAR Security Alliance brings hundreds of vendors together, allowing customers to benefit from our deep industry relationships and fully vendor-agnostic, independent SOAR platform.

X Cofense Integration

Get Started with D3 Security

One platform to stop alert overwhelm. Transform how your security team works, by focusing its resources on real threats.