Cofense Triage 


Cofense TriageTM provides our response teams with the rapid, detailed information they need to address e-mail threats quickly and efficiently without wasting time chasing false positives.– Kevin Emert, Former CISO, Scripps Networks Interactive

No matter how much you invest in “next-gen” email technologies, malicious email makes it past the perimeter. Whether it’s an attempt to deploy malware on your network or steal user credentials, the leading cause of breaches are successful phishing campaigns. It’s easy for organizations to point to the everyday employee as the root cause – as the problem to be solved. We disagree. Cofense™ believes employees – humans – should be empowered as part of the solution to help strengthen defenses, gather real-time attack intelligence, and stop phishing attacks in progress.

Find Bad Faster.

Cofense TriageTM, the first phishing-specific incident response platform, can help you stop active phishing attacks in progress. By leveraging real-time, internally reported attack intelligence from conditioned users, Cofense Triage makes it easy to stop phishing attacks in progress by eliminating the noise of the abuse mailbox, automating standard responses, and orchestrating across your other security systems to quickly respond to and eliminate phishing threats.


Like a composer arranging music for an ensemble, your phishing response needs to involve multiple parts of your organization. Cofense Triage helps your incident responders work across teams to mitigate the phishing threat. To help orchestrate your response, Cofense Triage includes:

  • Noise ReductionTM: Cofense Triage Noise Reduction uses an industry-leading spam engine to remove non-threatening reported messages, freeing your team to focus on real threats.
  • Robust API: Cofense Triage is built around a set of APIs designed to help it “talk” to Triage to automate the process and get the right teams involved, faster.
  • Integration with Existing Solutions: Cofense Triage seamlessly integrates with your existing security solutions, including SIEM, anti-malware, analysis, and threat intelligence solutions.


Detecting and mitigating a phishing attack in progress can involve a lot of steps. The key to getting ahead of these threats is anticipating them. Cofense Triage offers several ways to build repeatable processes to detect threats, including:

  • Rules: Rules identify specific characteristics that Cofense Triage should look for in a reported email, such as a particular sender or subject. Operators can use the rules that Cofense provides or write their own.
  • Recipes: Recipes contain a list of rules as well as instructions to Cofense Triage for handling reported emails that match those rules. Using recipes, operators can create repeatable workflows to automate response to a threat, speeding mitigation.
  • Reporter Reputation: Cofense Triage tracks the type of emails that an individual reports. Employees conditioned to recognize and report genuine threats build a reputation as trusted reporters—a data point that operators can use to evaluate and prioritize risk.


A phish landed. What happens next is the key to mitigating the threat. Cofense Triage helps you respond faster, ultimately making your organization safer. To respond to phishing threats, Cofense Triage includes:

  • Who ElseTM: Find other users who also received that threat email.  It’s great that some users have reported a malicious email, but did any other users also receive it? Search across your entire organization to see the other employees who received the email—even those who did not report it.
  • Quarantine the Threat: Together with Cofense VisionTM, you can quickly contain the threat by quarantining emails across your entire organization directly from within Cofense Triage.
  • Notify Upstream Teams: Use Cofense Triage’s notification capabilities to send an email notification to other team members involved with mitigating the threat, such as a request to your network team to block a domain.

Flexible Deployment Options

Cofense offers multiple ways to deploy Cofense Triage—making phishing incident response more available and attractive to enterprises of all needs and sizes:

  • Cofense Triage On Premises– Available as a virtual appliance, completely managed by your internal teams.
  • Cofense Triage Cloud– Dedicated instance hosted in Cofense’s secure cloud infrastructure.
  • Cofense Phishing Defense Services– Hosted and fully managed by our Phishing Defense Center.