Skip to main content

Cofense Vision

Download With Dependencies

Cofense Vision empowers security teams to hunt for email messages and quarantine threats in mailboxes. Analysts can setup jobs to remove emerging phishing campaigns based on trusted and credible IOCs through an automated workflow.

Attackers find ways into the employee’s inbox after bypassing secure email gateways and other perimeter controls. The
security team needs to act on suspicious reported emails in a timely manner and then remove threats from mailboxes. With
Cofense Vision, the SOC can find phishing campaign threats quickly, before it turns into a major breach, including
emails not reported by users.

The Cofense Vision integration provides commands to initiate advanced search jobs to hunt and quarantine suspected
attack campaigns. Search and quarantine actions can take place based on IOCs and email attributes to remove the threat
from mailboxes. The integration also provides commands to download messages and their attachments as well as create
quarantine jobs. Analysts can manage IOCs used to search and quarantine emails that are part of emerging threats.

What does this pack do?

  • Search for suspicious and malicious emails.
  • Create and approve jobs against emails to quarantine threats in mailboxes.
  • Create quarantine jobs to remove suspicious emails from mailboxes using automation.
  • Download original emails and get suspicious attachments for additional analysis.
  • Add IOCs to be used in searching and quarantine job operations.

PUBLISHER

Cofense

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

CertificationRead more
Supported ByPartner
CreatedNovember 3, 2022
Last ReleaseNovember 3, 2022
Phishing
Hunting
WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER
Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.