Cofense Logo - Email Security Solutions

Cofense Triage and Vision Updates Bring a Double Dose of Efficiency Improvements to Email Security

Share Now


Technology isn’t perfect – emails are going to get past existing controls like secure email gateways (SEGs) and make it into the inboxes of unsuspecting employees. It’s then up to operations and response teams to quickly validate and prioritize malicious emails, and ultimately remove those threats from the inbox. With Cofense Triage and Cofense Vision, organizations complete processes in minutes that previously took days or even weeks. This week, we’re giving organizations multiple reasons to celebrate, as both Triage 1.24 and Vision 2.2 are now available and introducing the following new capabilities:

  • Playbooks in Triage to bring automation of workflows to new heights
  • Triage Tag Manager simplifies the auditing and clean-up of existing tags
  • Ensure full organization-wide quarantine is successful with expanded URL unwrapping support in Vision

Keep reading to learn more!

Let’s start with Triage.

Introducing Playbooks: Supercharging Automation in Triage

Cofense Triage 1.24 is building the framework for an improved way to implement and manage automated workflows. Over the next few months, current methods for handling repeatable processes in Triage will be replaced with a more efficient and robust way of automating processes and communication related to email security using Playbooks.

With the release of Playbooks in Triage 1.24, the following processes can now be completed with the click of a button:

  • communicate across multiple teams with different notifications and messages
  • categorize reported emails based on specific characteristics
  • remove existing tags and add new ones for better grouping and organization
  • send personalized responses to different reporter groups – including VIPs that may exist such as executives or high target individuals

With Playbooks, set up automated workflows that can turn follow-up for specific attack types into easily repeatable processes.

Easily Categorize and Navigate Through Related Material in Triage with a Robust Tag Manager

All from a single location, manage the tags you’re applying to reports, related reported emails, and comments left on reports and threat indicators. On this page, you can see how many times (and where) a tag is used regardless of its context in Triage allowing you to identify trends and popular topics. You can also rename, merge, and delete tags. And don’t worry, everything is documented as it should be in an audit log so you can keep a close eye on changes.

Time to move onto some exciting Vision updates.

Vision Adds Expanded Support for URL Wrappers for More Effective Search and Quarantine

Email security controls like SEGs rewrite most of the URLs sent via email to the inboxes they’re protecting – redirecting the user to their own, trusted server to buy them some time when it comes to understanding if the URL is malicious or not. This can be problematic, because wrapped malicious links are much harder for the user to identify. Users are trained to identify URLs that don’t lead to the destination that they should, but when all URLs are dominated by the SEG domain – ‘’ for example – it makes it increasingly difficult to spot those nefarious malicious links because everything looks similar and safe.

Furthermore, when a URL is determined malicious post-gateway, the next step is to pull it out of the inboxes that it’s sitting in. Pulling out wrapped, rewritten URLs can be tricky because they don’t match the identified malicious URL.

Vision 2.2 enables more thorough search and quarantine operations by adding support for URLs wrapped by the following providers:

  • Barracuda
  • FireEye
  • Proofpoint v3
  • Safe Links (Expanded Servers)
  • Zix (AppRiver/Edgepilot)

These providers join a growing list of others which Vision now offers URL Wrapping support for:

  • Cisco IronPort
  • Click Time
  • Mittum
  • Proofpoint v1 and v2
  • Safe Links

What’s mentioned above are just some of the highlights of these exciting product releases. To learn more about these and other capabilities and to see Triage or Vision in action, request a live demonstration today.

If you’re an existing Cofense operator, please reach out to your dedicated customer experience representative for more information.

All third-party trademarks referenced by Cofense whether in logo form, name form or product form, or otherwise, remain the property of their respective holders, and use of these trademarks in no way indicates any relationship between Cofense and the holders of the trademarks. Any observations contained in this blog regarding circumvention of end point protections are based on observations at a point in time based on a specific set of system configurations. Subsequent updates or different configurations may be effective at stopping these or similar threats. Past performance is not indicative of future results.

The Cofense® and PhishMe® names and logos, as well as any other Cofense product or service names or logos displayed on this blog are registered trademarks or trademarks of Cofense Inc.


We use our own and third-party cookies to enhance your experience by showing you relevant content, personalizing our communications with you, and remembering your preferences when you visit our website. We also use them to improve the overall performance of our site. You can learn more about the cookies and similar technology we use by viewing our privacy policy. By clicking ‘Accept,’ you acknowledge and consent to our use of all cookies on our website.

This site is registered on as a development site.