Cofense Triage Adds Modern Authentication Support and Additional Analysis Capabilities for Operators

Share Now


By Megan Horner

Cofense Triage 1.23.2 introduces capabilities that enhance both security configuration options and communication inside and outside the user interface. In this latest release, Cofense Triage 1.23.2, various capabilities were added including:

  • Modern Authentication for outbound email
  • Tracking for both encoded and decoded URLs
  • Automated activity tracking on processed emails
  • Editable system notification templates

Let’s dig into the details of each.

Modern Authentication support for Outgoing Email Connection in Microsoft 365 and Google Workspace

Organizations using Microsoft 365 or Google Workspace will be able to secure an outgoing email connection with Triage via Modern Authentication. Triage 1.23.2 will leverage Graph API for Microsoft 365 and the Gmail API for Google Workspace / Gmail allowing operators to get ahead of forced transitions expected to happen in the upcoming months as the services begin to sunset basic authentication methods.

SMTP with basic authentication will continue to be supported, giving organizations options and enabling Triage to follow whichever authentication processes are practiced across the rest of the business.

Added Visibility into IOCs with Encoded and Decoded URL Tracking

There is value in exposing and tracking encoded and decoded URLs together. It gives analysts a full picture of what’s being utilized by nefarious actors and provides insight into all URL paths and potential characters being used. In the latest version of Triage, operators now have visibility into identified URLs and host names, and thanks to an easy to navigate table complete with filtering capabilities, can instantly search and understand how decoded URLs are related to encoded or obfuscated rewritten URLs.

It now takes only a moment to understand the relationship between encoded and decoded URLs and interact with them directly from the Triage user interface.

Figure 1: View & Interact with Both Encoded and Decoded URLs

Keep Tabs on What Happened During the Analysis of Processed Emails

Security is a team sport and with the rise of automation there is an added level of complexity when it comes to understanding what has happened during the process of analyzing reported potential phish. Whether it’s for auditing or an after-action review, Triage now makes it easier to understand what specific actions – both manual and automated – were taken during analysis. Useful information like who or what processed the report, when the processing event took place, and if it was deemed malicious or non-malicious, helps to paint the picture of how a specific conclusion was drawn and what steps it took to get there.

Figure 2: Document All Activity Associated with Processed Reports

Editable System Notification Templates for More Customized Messaging

System notifications are important when considering everyday tasks like password resets and onboarding new operators. With the latest updates to Cofense Triage, operators can now edit provided templates for a variety of predefined notifications. This seemingly slight detail makes a big difference when considering things like organization-specific language and policies that must be included in the body of these email notifications.

To learn more about Cofense Triage or to see these new capabilities in action, please request a demo at

All third-party trademarks referenced by Cofense whether in logo form, name form or product form, or otherwise, remain the property of their respective holders, and use of these trademarks in no way indicates any relationship between Cofense and the holders of the trademarks. Any observations contained in this blog regarding circumvention of end point protections are based on observations at a point in time based on a specific set of system configurations. Subsequent updates or different configurations may be effective at stopping these or similar threats.
The Cofense® and PhishMe® names and logos, as well as any other Cofense product or service names or logos displayed on this blog are registered trademarks or trademarks of Cofense Inc.


We use our own and third-party cookies to enhance your experience by showing you relevant content, personalizing our communications with you, and remembering your preferences when you visit our website. We also use them to improve the overall performance of our site. You can learn more about the cookies and similar technology we use by viewing our privacy policy. By clicking ‘Accept,’ you acknowledge and consent to our use of all cookies on our website.

This site is registered on as a development site.