Enable Next Level Phishing Analysis and Response with Cortex XSOAR and Cofense Triage

Oct 08, 2021

Within the threat landscape, email phishing is one of the main techniques used by attackers to gain access to critical systems and data. However, security teams face shortages of time, resources, and people, making it difficult to investigate and respond quickly. Security teams have learned that properly trained employees are able to detect and report suspicious emails to the SOC when they evade email gateways. To keep your organization secure from email-based attacks, your security team needs a powerful phishing solution to help automatically ingest, analyze, and respond to employee-reported emails.

Palo Alto Networks Cortex XSOAR has released an integrated content pack with Cofense Triage to manage employee-reported phishing emails, automate and simplify these complex workflows, and speed up the total time to resolution. To further streamline your workflows, your security team can pair Cofense Triage with Cofense Reporter so employees can use one-click reporting to alert the SOC. Used together, these solutions make it easy for employees to report suspicious emails, centralize those reports in a designated inbox, and automatically organize received emails into smart clusters, making it easier for your team to prioritize and remediate.

Why is this integration important for your security program?

Cortex XSOAR and Cofense Triage enable your SOC to receive, analyze, enrich, and respond to phishing attacks in minutes rather than hours or days. Automating as much of the phishing-email triage and response process as possible frees up many valuable cycles for your analysts, so they can focus on threat hunting and other strategic initiatives to ensure the organization remains secure.

The Cofense Triage content pack enables you to:

  • Ingest phishing reports and clusters directly into Cortex XSOAR for a single-pane-of-glass view so you can automate analysis and respond effectively.
  • Configure Cortex XSOAR to ingest and categorize reported emails that reside in the Cofense Triage Inbox. Study the email attributes included in the at-a-glance dashboards.
  • Ingest Cofense Triage phishing threat indicators such as URLs, hostnames, headers, and file hashes into Cortex XSOAR.
  • Validate phishing threats through native phishing intelligence and rules in Cofense Triage that can further enrich Cortex XSOAR playbooks.

Learn more

Build out your security program with the Cofense Triage content pack, available now on the Cortex XSOAR Marketplace. Look up prebuilt integrations for your top security tools with over 750 content packs available for Cortex XSOAR, the market’s leading SOAR platform.

To see the Cofense Triage content pack, visit the Marketplace. Learn more about Cofense Triage at cofense.com.

To learn more about the Cofense Triage content pack, join us for a live demo and overview with Q&A on October 28th at 9:00 A.M. PDT and discover how to stop the phish! Save your seat today.
