With Triage 1.25, SOC teams can now supercharge their efficiency through automation, enhanced reporting, and revamped response templates to fight back more quickly against today’s evolving threats. Here’s the breakdown of what that looks like in action.
Automate More Easily with Triggers
Playbooks, introduced in Triage 1.24.0, let you perform a reusable set of actions on a reported email or cluster of emails with a single button click. Now, automate your playbooks with triggers. When a report meets the conditions you specify in the trigger, the trigger runs your desired playbook automatically! This means fewer clicks and less manual effort when it comes to triaging malicious emails and sending automated communications to your end users. It also means that deep YARA rule-writing skills are not needed to write triggers, making it easy for any SOC team member to begin using Triage quickly.
To create a trigger, you simply select one or more of the following conditions and then build the trigger around them. Analysts combine the conditions that make sense based on the type of attack, the threat vector, what’s common to their industry, and more.
- Report Content
- Reporter Reputation
- Reporter VIP Status
- Risk Score
- Rule Match
- Rule Priority
- Rule Count
- Threat Indicator Value
- Threat Indicator Count
Active Triggers Dashboard
We released Dynamic Reporting in the summer of 2021 and continue to build on our strong reporting foundation with more flexibility when it comes to building and distributing reports. The templates that generate dynamic reports are now more robust, with new sections and more options to help you format and refine the data in your output. We’ve also added PDF support so you can distribute reports to any user in an easy-to-consume format.
Add or Remove Sections and build a bespoke Report
Best practice categories and response templates
The default set now contains six malicious categories and five non-malicious ones. These new defaults reduce the need for customization and better reflect current phishing trends we are seeing in the field. These fields help prevent confusion and allow SOCs to more quickly understand what threats they are seeing.
And due to popular demand, we are bringing back a workflow called “Categorize Reports.” You can still use the new, quicker way to start workflows, but we wanted to bring more options for our users.
To learn more about Cofense Triage or to see these new capabilities in action, please request a demo at https://go.cofense.com/live-demo/. Cofense Customers can always reach out to their CX team for more information on upgrading.
*Please note: Customers must be on Triage version 1.24.0 or 1.24.1 in order to upgrade to 1.25.0.*