Explore the features and benefits of our Partner Portal.
Anti-Phishing Solutions for Technology Alliance Partners
Trusted partner to some of the best technology brands of the world.
A trusted security ecosystem
Cofense provides the capabilities necessary to make more effective decisions on phishing threats facing your company. Our Technology Alliance Program (TAP) provides a strong and mutually beneficial ecosystem with our partners to provide a comprehensive anti-phishing solution. Cofense solutions seamlessly integrate to simplify deployment, improve efficiency, reduce costs, and optimize security investments.
Our integration partners
Cofense Intelligence indicators and reports ingested into Anomali ThreatStream. Install the Cofense Intelligence app from Anomali’s store to ingest phishing URLs, domains, hashes, IPs, malware families, contextual reports, and more. Operationalize workflow with Cofense’s human-verified intelligence that identifies indicators by severity and correlates with phishing campaigns.
Cofense Intelligence human-verified phishing intelligence ingested into Centripetal CleanINTERNET to filter networks from accessing phishing infrastructure. Protect against access to phishing URLs, domains, IPs, and command and control sites.
Cofense Triage submits suspected phishing domains to Cisco Umbrella Investigate to determine risk. Domain indicator results populate Cofense Triage to prioritize phishing investigation and response workflow.
Cofense Intelligence integrates with Cortex XSOAR threat intelligence management module to streamline multiple sources of threat intelligence. Also, integrate with XSOAR playbooks to automate investigation and response actions.
Cofense Triage bidirectionally communicates with XSOAR where phishing indicators can be applied to playbooks and automate response. Use Cortex XSOAR to call Cofense Triage’s API and multiple endpoints and ingest known bad or suspicious emails for incident response and remediation.
Cyware CTIX can ingest Cofense Intelligence phishing indicators in JSON format. Each indicator ingested can be used in playbooks and threat lookups from CTIX to use the threat impact rating of each Cofense Intelligence indicator.
Cofense Triage can bidirectionally exchange phishing indicators including domains, URLs, hash values, and more with Cyware CSOL. Cyware can ingest malicious or suspicious emails from Cofense Triage to use in playbooks.
Cofense Intelligence and EclecticIQ Platform deliver the ability to acquire, aggregate and act from phishing- specific indicators. EclecticIQ Platform ingests phishing IOCs and contextual reports via Cofense’s API. Security teams can act based on Cofense Intelligence indicators through their existing infrastructure to alert or block ingress or egress traffic.
Cofense Triage automatically submits email attachments to Hatching Triage at ingestion. Cofense Triage admins can also resubmit supported attachment types from Triage to Hatching using the API. Analysis results of the submitted attachments are available for review in Hatching’s platform.
IBM QRadar ingests Cofense Intelligence by using Cofense’s app within IBM App Exchange. The intelligence ingested is used in a SOC to monitor and alert on activity matching indicators.
Cofense Triage supports LEEF to send syslog events to QRadar based on rules, recipes, and categorizations. Analysts can then act based on recipe or report categorization as well as when a YARA rule is matched.
Cofense Triage operators can use a Cofense-provided Python script that can safely submit files from Cofense Triage at ingestion to an instance of Joe Sandbox using its API. Analysts can then view the file results in Joe Sandbox to assess its risk.
Cofense Intelligence and King & Union Avalaon deliver the ability to acquire, aggregate and act from phishing-specific intelligence. The Avalon Platform ingests phishing IOCs (domains, URLs, IPs, file hashes) via Cofense’s API. Avalon security teams can act based on Cofense Intelligence indicators through their existing infrastructure to alert or block ingress or egress traffic.
Libraesva’s secure email gateway can ingest reported phishing emails and IOCs via API from Cofense Triage. Libraesva can then apply the indicators to the secure email gateway used by mutual customers.
Cofense Intelligence is ingested into LogRhythm’s platform using Cofense’s API. The ingestion of intelligence is used in a SOC to monitor and alert on activity when a domain, URL, or IP address matches Cofense provided intelligence.
LogRhythm receives CEF-based syslog events from Cofense Triage. Triage will output events based on rules, recipes, and categorizations. Triage admins configure based recipe or report categorization as well as when a YARA rule is matched.
Cofense Intelligence ingested via API with CEF support into ArcSight. Operationalize from Cofense Intelligence phishing URLs, domains, hashes, IPs, malware families, contextual reports, and more.
Cofense Triage operators send their syslog events in CEF to their ArcSight instance. ArcSight will receive events based on rules, recipes, and categorizations. This is done matching recipes, report categorization, or when a YARA rule is matched by an analyst.
Cofense Intelligence imported into RSA NetWitness in STIX format. The ingestion of indicators can be used in a SOC to monitor and alert on activity when an indicator matches what Cofense Intelligence has produced.
Cofense Intelligence ingests into Palo Alto Networks MineMeld application. Create an open source MineMeld server which formats Cofense Intelligence and ingest indicators into Palo Alto Networks next-generation firewalls. The firewalls using external dynamic lists consume the indictors and are applied to firewall security policies.
Cofense Triage automatically submits hashes of attachments or full files to Palo Alto Networks WildFire at ingestion. Cofense Triage admins manually submit any hash or supported attachment type from Triage to WildFire using the API. WildFire will return the results to Cofense Triage with a full malware contextual report. Additionally, Cofense Triage integrates with MineMeld to obtain threat indicators.
Cofense Intelligence and Paterva’s Maltego application integrate, and analysts can gather, interrogate, and visualize data to find threat relationships. Cofense developed transforms for Maltego to visualize relationships between observables within a specific attack and explicitly pinpoint how attackers are delivering their malicious payloads.
Recorded Future has an extension available within the platform to leverage Cofense Intelligence API for human-verified phishing intelligence. Analysts in Recorded Future seamlessly pivot to Cofense Intelligence and obtain indicator validation on IPs, domains, and files.
Cofense Triage operators can query file hash values in the Recorded Future platform. Analysts can view information on the Recorded Future website to validate a file disposition. There is no account required to get “basic” information. The Triage analyst views information from Recorded Future with the option to create an account for more in-depth review.
Cofense Triage can bidirectionally communicate with Siemplify to ingest phishing indicators for Siemplify to process as part of a playbook. Cofense Triage sends reports, threat indicators, reporter information, and phishing incident observables for Siemplify to receive and orchestate. Categorized reports along with indicator analysis tags are capable of ingestion into Siemplify to use in playbooks.
Cofense Intelligence and SentinelOne Endpoint Protection Platform (EPP) provide analysts with the ability to investigate, validate, and remediate based on file hash indicators from phishing specific intelligence. With SentinelOne, security teams can operationalize Cofense Intelligence file hash indicators with SentinelOne blacklists.
ServiceNow Security Operations polls the Cofense Intelligence API in a search-based integration to validate incidents that may be related to phishing. Security Operations makes use of Cofense Intelligence indicator IPs, domains, URLs, and files. Analysts use the results and context for additional actions and orchestration.
Cofense Triage and ServiceNow Security Incident Response leverage Cofense Triage’s bidirectional API to ingest phishing events and create security incidents in ServiceNow SIR. ServiceNow analysts can update reported phishing data in Cofense Triage as well as enrich their threat indicator and observables table received from Cofense.
Cofense Intelligence can be ingested into Splunk using Cofense’s API and the Splunk App available from Splunkbase. Splunk will ingest human-verified phishing indicators and correlate with other events to act when indicators match Cofense Intelligence.
Cofense Triage has an Add-on with Splunk to ingest data from many endpoints. Reported phishing attributes are extracted from Cofense Triage and populate Splunk for enrichment, action, and response in the SOC. Splunk also receives CEF events from based on event criteria as well as when a YARA rule matches.
Leverage Cofense Intelligence to validate suspected phishing incidents. Splunk SOAR’s Cofense Intelligence supported app can be used in many actions to hunt URLs, IPs, files, and domains. Analysts then use Cofense’s results in additional actions and playbooks.
Cofense Triage has a bidirectional app with Splunk SOAR to take advantage of endpoints allowing to ingest phishing attributes and indicators. Categorized reports along with indicator analysis tags are capable of ingestion to use in playbooks.
Cofense Intelligence is used in Sumo Logic’s SOAR platform to validate phishing incident impact so that analysts can make efficient use of their time. Sumo Logic’s SOAR platform leverages Cofense Intelligence indicator IPs, domains, URLs, and files. Analysts use the results and context for additional actions and playbooks.
Cofense Intelligence is a value-added data source integrated with Swimlane’s orchestration platform. Swimlane correlates Cofense Intelligence’s IPs, hashes, domains, and URLs to prioritize and remediate events.
Cofense Triage is a supported application in Swimlane to ingest phishing indicators and employee-reported phishing attributes. Cofense Triage sends IPs, domains, URLs and hashes, for Swimlane to receive and act on. Categorized reports along with indicator analysis tags are capable of ingestion to use in playbooks.
Cofense Intelligence integrates with ThreatConnect to ingest phishing intelligence into the platform. Cofense’s API is leveraged to pull in actionable phishing indicators for analysts to create process around indicator impact ratings.
Cofense Intelligence can be ingested into the ThreatQuotient Threat Intelligence Platform (TIP) using Cofense’s API. Enable Cofense Intelligence from within ThreatQ platform and ingest threat IDs, malware families, URLs, IP addresses, and more.
ThreatQuotient ingests malicious, suspicious, and benign indicators from Cofense Triage by API. Analysts in Cofense Triage tag hashes, domains, URLs, senders, and subjects, that are malicious or suspicious and ThreatQuotient ingests, cross-correlate in its threat library, and allow next step actions based on intelligence results.
Cofense Intelligence is ingested into McAfee ESM using Cofense’s API via a standalone Python script. This CEF ingestion is then used in a SOC to monitor/alert on activity when a domain or IP address matches Cofense Intelligence.
McAfee ESM receives syslog events in CEF from Cofense Triage. ESM will receive the events based on rules, recipes, and categorizations. Analysts can then act based on recipe or report categorization as well as when a YARA rule is matched.
Cofense Intelligence and FireEye Helix Security Orchestrator deliver the ability to investigate, validate, and orchestrate based on indicator impact ratings from phishing-specific intelligence. Ingestion of phishing indicators allow analysts to investigate, search, and respond to phishing events.
Cofense Intelligence can be ingested into Trend Micro TippingPoint and then actionable rules applied. An indicator can have a block rule placed within TippingPoint against IPs, domains, or URLs. This allows analysts to block and monitor based on indicators from Cofense Intelligence.
Cofense Intelligence and Cb Response provide analysts with the ability to investigate, validate, and remediate based on indicator impact ratings from phishing specific intelligence. With Cb Response, security teams operationalize Cofense Intelligence indicators through features such as watchlists, binary and process search, banned hashes, and investigations.
Cofense Triage operators configure Triage to query Lastline Analyst (NSX Detonator) API for results on files and URLs. The files and URLs sent will return results to Triage to prioritize workload. Cofense Triage provides a link to the system for full malware report details.
Partner with Cofense
Increase resiliency, speed up response times, and stop phishing attacks faster.
We provide our MSSPs with the phishing detection and response solutions needed to implement the most advanced phishing defenses, processes, and resources for their customers.
Partner with Cofense
Increase resiliency. Improve your security posture. Grow your business. Drive new revenue.