Cofense Triage 


Cofense Triage (PhishMe Triage) provides our response teams with the rapid, detailed information they need to address e-mail threats quickly and efficiently without wasting time chasing false positives.Kevin Emert, CISO, Scripps Networks Interactive

While the numbers have improved in the last few years, it takes an average of 191 Days to detect a data breach. That is a very long time for a hacker or cybercriminal to have access to your network resources and sensitive data. With the vast majority of breaches attributed to phishing emails target employees, we must shift our focus from relying on technology alone to engaging our most plentiful resource—our people. Cofense Triage is the first phishing-specific incident response platform that allows security operation (SOC) and incident responders to automate the prioritization, analysis and response to phishing threats that bypass your email security technologies. It gives you the visibility and analytics you need to speed processing and response to employee-reported phishing threats and decrease your risk of breach.

Discover Real Threats

Even with layered security and next-generation technologies, emails make it past the perimeter. When they do, Cofense Triage provides real-time visibility and fast verification of attacks in progress. It processes emails reported by users and clusters them based on common characteristics. This helps the incident response team determine if an email is a threat. If it is, the team can orchestrate response, pushing attack intelligence everywhere it needs to go: to defense layers, operational teams, and incident management solutions.

Separate the Signal from the Noise

When users report suspicious emails they create a lot of “noise.” For example, commercial emails often raise red flags but are usually benign: newsletters that users sign up for but simply don’t remember, updates from a social networking platform, or spam that made it past existing filters. While not threats, these emails add up and become a nuisance. Triage Noise Reduction uses an industry-leading spam engine to review, score, and categorize emails and cut down the noise. With Cofense-provided YARA rules, write recipes to automate the removal of non-threatening messages and free your incident responders to focus on real threats.


Securing an organization requires a multi-layer approach. Cofense Triage seamlessly integrates with your existing security solutions including SIEM, anti-malware, analysis and threat intelligence solutions, and shares IOC/IOPs with upstream security teams to block future attacks. Cofense Triage also offers an API to integrate with your custom-built applications. Cofense Triage offers a number of integrations, including:

  • Pre-built Integrations
  • Syslog Integrations
  • External Lookups

Cofense is constantly developing partnerships and integrations with complementary security solutions. Find a list of our integrations and Technology Alliance Partners here.

Flexible Deployment Options

Cofense Triage is now available via multiple deployment options—making phishing incident response more available and attractive to enterprises of all needs and sizes:

  • Cofense Triage – Available as a virtual appliance, completely managed by your internal teams.
  • Cofense Triage Cloud – Dedicated instance hosted in Cofense’s secure cloud infrastructure with operational usage by customer.
  • Cofense Triage Managed – Hosted and fully managed by our Phishing Defense Center. Learn more here.

Save Time. Increase Effectiveness. Get Ahead of Threats.

It’s true.  One Cofense customer was able to reallocate 2 FTEs after deploying Cofense Triage and improved their ability to stop attacks in progress. Cofense Triage saves time – automatically prioritizing reported emails and eliminating time spent chasing false positives.  By eliminating the noise, Cofense Triage allows you to focus on real threats.

Cofense provides a library of YARA rules to help build automated workflows specific to your organizational needs. Cofense customers can also share rules and collaborate on best practices within the Cofense Community. When a user reports a suspicious email, Triage lets you query Microsoft Exchange and Office 365 to see who else received the email and if they have opened it. Relay this information to the proper teams to quickly quarantine or remove the email from other users’ inboxes.

  • Cofense Triage includes a hex viewer interface, eliminating any need to leave Triage to view attachments with a separate hex viewer.
  • Scheduled weekly reporting available with Cofense Triage provides a management level view to help measure progress in incident volumes and incident response from week to week.


% Breaches via Phishing


Safe & Secure Customers


Users Turned Informants