Cofense Logo - Email Security Solutions

Cofense Increases Efficiency and Visibility with Triage 1.25

Share Now


With Triage 1.25, SOC teams can now supercharge their efficiency through automation, enhanced reporting, and revamped response templates to more quickly to fight back against today’s evolving threats. Here’s the breakdown of what that looks like in action.

Automate More Easily with Triggers

Playbooks, introduced in Triage 1.24.0, let you perform a reusable set of actions on a reported email or cluster of emails with a single button click. Now, automate your playbooks with triggers. When a report meets the conditions you specify in the trigger, the trigger runs your desired playbook automatically! This means less clicks and manual effort when it comes to triaging malicious emails and sending automated communications to your end users. It also means that deep YARA rule writing skills are not needed to write triggers, making it easy for any SOC team member to get into and begin using Triage quickly.

To create a trigger, you simply select one or more of the following conditions and then build the trigger around it. Analysts leverage a combination of conditions that make sense based on the type of attack, threat vector, what’s common to their industry, or more.

  • Report Content
  • Reporter Reputation
  • Reporter VIP Status
  • Risk Score
  • Rule Match
  • Rule Priority
  • Rule Count
  • Threat Indicator Value
  • Threat Indicator Count
Cofense Triage: Email Threat Triage Chart
Active Triggers Dashboard

Triggers and Playbooks allow you more flexibility and granularity when it comes to automating actions across Triage and teams. As a result, our recipes function will be sunset as Playbooks offer much deeper functionality. Not to worry though, we’ll give plenty of notice and even added a button so you can begin to convert your Recipes to Playbooks.

Enhanced Reporting

We released Dynamic Reporting in the Summer of 2021 and continue to build on our strong reporting foundation with more flexibility when it comes to building and distributing reports. The templates that generate dynamic reports are now more robust, with new sections and more options to help you format and refine the data in your output. We’ve also added PDF support so you can distribute reports to any user in an easy to consume format.

Cofense Vision: Real-Time Email Threat Detection - Dashboard
Add or Remove Sections and build a bespoke Report

Best practice categories and response templates

The default set now contains six malicious categories and five non-malicious ones. These new defaults reduce the need for customization and better reflect current phishing trends we are seeing in the field. These fields help prevent confusion and allow SOCs to more quickly understand what threats they are seeing.

And due to popular demand, we are bringing back a workflow called “Categorize Reports.” You can still use the new, quicker way to start workflows, but we wanted to bring more options for our users.

To learn more about Cofense Triage or to see these new capabilities in action, please request a demo at Cofense Customers can always reach out to their CX team for more information on upgrading.

*Please note: Customers must be Triage versions 1.24.0 or 1.24.1 in order to upgrade to 1.25.0*


We use our own and third-party cookies to enhance your experience by showing you relevant content, personalizing our communications with you, and remembering your preferences when you visit our website. We also use them to improve the overall performance of our site. You can learn more about the cookies and similar technology we use by viewing our privacy policy. By clicking ‘Accept,’ you acknowledge and consent to our use of all cookies on our website.

This site is registered on as a development site.