Attackers find ways into the employee’s inbox after bypassing secure email gateways and other perimeter controls. The
security team needs to act on suspicious reported emails in a timely manner and then remove threats from mailboxes. With
Cofense Vision, the SOC can find phishing campaign threats quickly, including emails not reported by users, before
they turn into a major breach.

The Cofense Vision integration provides commands to initiate advanced search jobs to hunt and quarantine suspected
attack campaigns. Search and quarantine actions can take place based on IOCs and email attributes to remove the threat
from mailboxes. The integration also provides commands to download messages and their attachments as well as create
quarantine jobs. Analysts can manage IOCs used to search and quarantine emails that are part of emerging threats.

What does this pack do?

- Search for suspicious and malicious emails.
- Create and approve jobs against emails to quarantine threats in mailboxes.
- Create quarantine jobs to remove suspicious emails from mailboxes using automation.
- Download original emails and get suspicious attachments for additional analysis.
- Add IOCs to be used in searching and quarantine job operations.