Cofense Triage 


Cofense Triage (PhishMe Triage) provides our response teams with the rapid, detailed information they need to address e-mail threats quickly and efficiently without wasting time chasing false positives.Kevin Emert, CISO, Scripps Networks Interactive

While the numbers have improved in the last few years, 146 Days is still a long time for a hacker or cybercriminal to have access to your network resources and sensitive data.

With over 90% of breaches attributed to phishing emails targeting employees, we must shift our focus from relying on technology alone to engaging our most plentiful resource—our people.

Cofense Triage is the first phishing-specific incident response platform that allows security operation (SOC) and incident responders to automate the prioritization, analysis and response to phishing threats that bypass your email security technologies. It gives you the visibility and analytics you need to speed processing and response to employee-reported phishing threats and decrease your risk of breach.

Discover Real Threats

Unfortunately, attacks continue to get through our layered security. When they do, Cofense Triage provides real-time visibility and fast verification of attacks in progress.  Once verified, attack intelligence can be pushed to defense layer, operational teams and incident management solutions.

Flexible Deployment Options

Cofense Triage is now available via multiple deployment options—making phishing incident response more available and attractive to enterprises of all needs and sizes:

  • Cofense Triage – Available as a virtual appliance, completely managed by your internal teams.
  • Cofense Triage Cloud – Dedicated instance hosted in Cofense’s secure cloud infrastructure with operational usage by customer.
  • Cofense Triage Managed – Hosted and fully managed by our Phishing Defense Center. Learn more here.


Cofense Triage seamlessly integrates with your existing security solutions including SIEM, Anti-malware, Analysis and Threat Intelligence solutions and shares IOC/IOPs with upstream security teams to block future attacks.  Cofense integrations include

  • Syslog Integrations
  • External Lookups
  • Configured Integrations

Cofense continues to develop partnerships and integrations with security providers.  See an updated list of integrations and Technology Alliance Partners here.

Save Time. Increase Effectiveness.

It’s true.  One Cofense customer was able to reallocate 2 FTEs after deploying Cofense Triage and improved their ability to stop attacks in progress.

Cofense Triage saves time – automatically prioritizing reported emails and eliminating time spent chasing false positives.  By eliminating the noise, Cofense Triage allows you to focus on real threats.

Cofense provides a library of YARA rules to help build automated workflows specific to your organizational needs. Cofense customers can also share rules and collaborate on best practices within the Cofense Community.

  • Cofense Triage includes a hex viewer interface, eliminating any need to leave Triage to view attachments with a separate hex viewer.
  • Scheduled weekly reporting available with Cofense Triage provides a management level view to help measure progress in incident volumes and incident response from week to week.


Watch a short overview of Cofense Triage


% Breaches via Phishing


Safe & Secure Customers


Users Turned Informants