Cofense Triage Adds Modern Authentication Support and Additional Analysis Capabilities for Operators
By Megan Horner
Cofense Triage 1.23.2 introduces capabilities that enhance both security configuration options and communication inside and outside the user interface. In this latest release, Cofense Triage 1.23.2, various capabilities were added including:
- Modern Authentication for outbound email
- Tracking for both encoded and decoded URLs
- Automated activity tracking on processed emails
- Editable system notification templates
Let’s dig into the details of each.
Modern Authentication support for Outgoing Email Connection in Microsoft 365 and Google Workspace
Organizations using Microsoft 365 or Google Workspace will be able to secure an outgoing email connection with Triage via Modern Authentication. Triage 1.23.2 will leverage Graph API for Microsoft 365 and the Gmail API for Google Workspace / Gmail allowing operators to get ahead of forced transitions expected to happen in the upcoming months as the services begin to sunset basic authentication methods.
SMTP with basic authentication will continue to be supported, giving organizations options and enabling Triage to follow whichever authentication processes are practiced across the rest of the business.
Added Visibility into IOCs with Encoded and Decoded URL Tracking
There is value in exposing and tracking encoded and decoded URLs together. It gives analysts a full picture of what’s being utilized by nefarious actors and provides insight into all URL paths and potential characters being used. In the latest version of Triage, operators now have visibility into identified URLs and host names, and thanks to an easy to navigate table complete with filtering capabilities, can instantly search and understand how decoded URLs are related to encoded or obfuscated rewritten URLs.
It now takes only a moment to understand the relationship between encoded and decoded URLs and interact with them directly from the Triage user interface.
Figure 1: View & Interact with Both Encoded and Decoded URLs
Keep Tabs on What Happened During the Analysis of Processed Emails
Security is a team sport and with the rise of automation there is an added level of complexity when it comes to understanding what has happened during the process of analyzing reported potential phish. Whether it’s for auditing or an after-action review, Triage now makes it easier to understand what specific actions – both manual and automated – were taken during analysis. Useful information like who or what processed the report, when the processing event took place, and if it was deemed malicious or non-malicious, helps to paint the picture of how a specific conclusion was drawn and what steps it took to get there.
Figure 2: Document All Activity Associated with Processed Reports
Editable System Notification Templates for More Customized Messaging
System notifications are important when considering everyday tasks like password resets and onboarding new operators. With the latest updates to Cofense Triage, operators can now edit provided templates for a variety of predefined notifications. This seemingly slight detail makes a big difference when considering things like organization-specific language and policies that must be included in the body of these email notifications.
To learn more about Cofense Triage or to see these new capabilities in action, please request a demo at https://go.cofense.com/live-demo/.