Cofense

Self Service Ingestion

Connect this data source on your own, using the Hunters platform.

TL;DR

Supported data types

3rd party detection

Hunters detection

IOC search

Search

Table name

Log format

Collection method

Cofense Threat Intel Feed

cofense_threat_indicators

NDJSON

API

Cofense Reports

✅

cofense_reports

NDJSON

API


Overview

Cofense, formerly known as PhishMe, is a provider of comprehensive cybersecurity solutions that focus on empowering organizations to detect, respond to, and mitigate phishing threats. Their services include phishing detection and response tools, as well as training and simulation products to enhance employees' awareness and ability to identify phishing attempts.

Cofense integrates with existing email infrastructure and security systems, enhancing them with its phishing-specific detection and response capabilities. The integration is designed to be seamless, providing organizations with a layered defense strategy that includes end-user awareness and automated phishing defense mechanisms.

Supported data types

Cofense Threat Intel Feed

Table name: cofense_threat_indicators

The Cofense Intelligence Feed provides organizations with actionable, timely, and prioritized threat intelligence specifically focused on phishing attacks. This service is part of Cofense's broader cybersecurity offerings aimed at empowering organizations to proactively defend against and respond to phishing threats.

Cofense Reports

Table name: cofense_reports

Cofense provides several types of reports that organizations can use to understand the landscape of phishing threats and the effectiveness of their anti-phishing strategies. These reports are derived from the wide array of data collected through their phishing detection and response tools, simulation services, and intelligence feeds.

Send data to Hunters

Hunters supports API collection for Cofense events.

  1. Retrieve the following information from your Cofense account or from Cofense Support:

    • client_id

    • client_secret

  2. Complete the process on the Hunters platform, following this guide.

Expected format

Logs are expected in JSON format (NDJSON, one JSON object per line); the samples below are pretty-printed for readability.

Cofense Threat Intel Feed

{
    "attributes": {
        "created_at": "2022-02-01T22:24:43.049Z",
        "threat_level": "Malicious",
        "threat_source": "PDC-TIP",
        "threat_type": "URL",
        "threat_value": "https://goldencareer.co.in/En-M/",
        "updated_at": "2022-02-01T22:24:43.049Z"
    },
    "id": "2",
    "links": {
        "self": "https://test.cofense.com/api/public/v2/threat_indicators/2"
    },
    "relationships": {
        "comments": {
            "links": {
                "related": "https://test.cofense.com/api/public/v2/threat_indicators/2/comments",
                "self": "https://test.cofense.com/api/public/v2/threat_indicators/2/relationships/comments"
            }
        },
        "owner": {
            "data": {
                "id": "1",
                "type": "api_applications"
            },
            "links": {
                "related": "https://test.cofense.com/api/public/v2/threat_indicators/2/owner",
                "self": "https://test.cofense.com/api/public/v2/threat_indicators/2/relationships/owner"
            }
        },
        "reports": {
            "links": {
                "related": "https://test.cofense.com/api/public/v2/threat_indicators/2/reports",
                "self": "https://test.cofense.com/api/public/v2/threat_indicators/2/relationships/reports"
            }
        }
    },
    "type": "threat_indicators"
}
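
A pre-ingestion check for the threat indicator format shown above, as an added example (not Hunters or Cofense code): it reads NDJSON, rejects lines that do not match the sample's shape, and normalizes the rest into rows suitable for IOC matching. The names parse_indicators, REQUIRED and SAMPLE_NDJSON, the choice of required attributes, and the sample values are assumptions made for illustration.

```python
import json
from datetime import datetime
from urllib.parse import urlsplit

REQUIRED = ("threat_level", "threat_type", "threat_value", "updated_at")

# Constructed NDJSON: line 1 follows the sample's shape (values made up), line 2
# is blank, then a wrong record type, truncated JSON, and missing attributes.
SAMPLE_NDJSON = "\n".join([
    '{"type":"threat_indicators","id":"2","attributes":{"threat_level":"Malicious",'
    '"threat_type":"URL","threat_value":"https://login.example.test/En-M/",'
    '"updated_at":"2022-02-01T22:24:43.049Z"}}',
    "",
    '{"type":"reports","id":"51618","attributes":{"risk_score":12}}',
    '{"type":"threat_indicators","id":"3","attributes":{"threat_le',
    '{"type":"threat_indicators","id":"4","attributes":{"threat_type":"URL"}}',
])


def parse_indicators(ndjson_text):
    """Return (rows, rejects): normalized indicators and (line_no, reason) pairs."""
    rows, rejects = [], []
    for line_no, line in enumerate(ndjson_text.splitlines(), start=1):
        if not line.strip():
            continue  # tolerate blank lines between records
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            rejects.append((line_no, "invalid JSON"))
            continue
        attrs = rec.get("attributes") if isinstance(rec, dict) else None
        if not isinstance(attrs, dict) or rec.get("type") != "threat_indicators":
            rejects.append((line_no, "not a threat_indicators record"))
            continue
        missing = [k for k in REQUIRED if not attrs.get(k)]
        if missing:
            rejects.append((line_no, "missing " + ",".join(missing)))
            continue
        try:  # timestamps in the sample are ISO 8601 with a trailing "Z"
            updated = datetime.fromisoformat(attrs["updated_at"].replace("Z", "+00:00"))
        except (ValueError, AttributeError):
            rejects.append((line_no, "bad updated_at"))
            continue
        value = attrs["threat_value"]
        # For URL indicators keep the hostname too, so domain lookups can match.
        host = urlsplit(value).hostname if attrs["threat_type"] == "URL" else None
        rows.append({"id": rec.get("id"), "type": attrs["threat_type"], "value": value,
                     "host": host, "level": attrs["threat_level"], "updated_at": updated})
    return rows, rejects
```

Rejected lines are returned with their line number and reason rather than silently dropped, so a feed that starts emitting a different shape is visible before it reaches cofense_threat_indicators.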

Cofense Reports

{
            "id": "51618",
            "type": "reports",
            "links": {
                "self": "https://test.cofense.com/api/public/v2/reports/51618"
            },
            "attributes": {
                "location": "Processed",
                "risk_score": 12,
                "from_address": null,
                "subject": "test sbuject",
                "received_at": "2024-03-14T01:50:00.000Z",
                "reported_at": "2024-03-14T01:50:00.000Z",
                "raw_headers": "test headers",
                "text_body": "Monitoring E-Mail Delivery. Analysts please IGNORE this e-mail",
                "html_body": "",
                "md5": "babe958e29053daab3c41d14f8cc05e8",
                "sha256": "c10e6d414dd0d548d03a8e27842015834411016e310347a63dbf11f9bf74bc4d",
                "match_priority": 1,
                "attachment_details": null,
                "attachments_count": 0,
                "comments_count": 1,
                "rules_count": 1,
                "urls": null,
                "urls_count": 0,
                "tags": [
                    "tag"
                ],
                "categorization_tags": [
                    "tag"
                ],
                "first_processed_at": "2024-03-14T01:50:17.881Z",
                "processed_at": "2024-03-14T01:50:17.881Z",
                "created_at": "2024-03-14T01:50:08.739Z",
                "updated_at": "2024-03-14T01:50:22.784Z"
            },
            "relationships": {
                "assignee": {
                    "links": {
                        "self": "https://test.cofense.com/api/public/v2/reports/51618/relationships/assignee",
                        "related": "https://test.cofense.com/api/public/v2/reports/51618/assignee"
                    },
                    "data": null
                },
                "category": {
                    "links": {
                        "self": "https://test.cofense.com/api/public/v2/reports/51618/relationships/category",
                        "related": "https://test.cofense.com/api/public/v2/reports/51618/category"
                    },
                    "data": {
                        "type": "categories",
                        "id": "6"
                    }
                },
                "cluster": {
                    "links": {
                        "self": "https://test.cofense.com/api/public/v2/reports/51618/relationships/cluster",
                        "related": "https://test.cofense.com/api/public/v2/reports/51618/cluster"
                    },
                    "data": null
                },
                "processed_by": {
                    "links": {
                        "self": "https://test.cofense.com/api/public/v2/reports/51618/relationships/processed_by",
                        "related": "https://test.cofense.com/api/public/v2/reports/51618/processed_by"
                    },
                    "data": {
                        "type": "triggers",
                        "id": "2"
                    }
                },
                "reporter": {
                    "links": {
                        "self": "https://test.cofense.com/api/public/v2/reports/51618/relationships/reporter",
                        "related": "https://test.cofense.com/api/public/v2/reports/51618/reporter"
                    },
                    "data": {
                        "type": "reporters",
                        "id": "1"
                    }
                },
                "attachment_payloads": {
                    "links": {
                        "self": "https://test.cofense.com/api/public/v2/reports/51618/relationships/attachment_payloads",
                        "related": "https://test.cofense.com/api/public/v2/reports/51618/attachment_payloads"
                    }
                },
                "attachments": {
                    "links": {
                        "self": "https://test.cofense.com/api/public/v2/reports/51618/relationships/attachments",
                        "related": "https://test.cofense.com/api/public/v2/reports/51618/attachments"
                    }
                },
                "cofense_intelligence_indicators": {
                    "links": {
                        "self": "https://test.cofense.com/api/public/v2/reports/51618/relationships/cofense_intelligence_indicators",
                        "related": "https://test.cofense.com/api/public/v2/reports/51618/cofense_intelligence_indicators"
                    }
                },
                "domains": {
                    "links": {
                        "self": "https://test.cofense.com/api/public/v2/reports/51618/relationships/domains",
                        "related": "https://test.cofense.com/api/public/v2/reports/51618/domains"
                    }
                },
                "headers": {
                    "links": {
                        "self": "https://test.cofense.com/api/public/v2/reports/51618/relationships/headers",
                        "related": "https://test.cofense.com/api/public/v2/reports/51618/headers"
                    }
                },
                "hostnames": {
                    "links": {
                        "self": "https://test.cofense.com/api/public/v2/reports/51618/relationships/hostnames",
                        "related": "https://test.cofense.com/api/public/v2/reports/51618/hostnames"
                    }
                },
                "urls": {
                    "links": {
                        "self": "https://test.cofense.com/api/public/v2/reports/51618/relationships/urls",
                        "related": "https://test.cofense.com/api/public/v2/reports/51618/urls"
                    }
                },
                "rules": {
                    "links": {
                        "self": "https://test.cofense.com/api/public/v2/reports/51618/relationships/rules",
                        "related": "https://test.cofense.com/api/public/v2/reports/51618/rules"
                    }
                },
                "threat_indicators": {
                    "links": {
                        "self": "https://test.cofense.com/api/public/v2/reports/51618/relationships/threat_indicators",
                        "related": "https://test.cofense.com/api/public/v2/reports/51618/threat_indicators"
                    }
                },
                "comments": {
                    "links": {
                        "self": "https://test.cofense.com/api/public/v2/reports/51618/relationships/comments",
                        "related": "https://test.cofense.com/api/public/v2/reports/51618/comments"
                    }
                }
            },
            "meta": {
                "risk_score_summary": {
                    "integrations": 0,
                    "vip": 0,
                    "reporter": 0,
                    "rules": 12
                }
            }
}
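
The report sample above carries null in several places (from_address, urls, attachment_details, and the "data" member of the assignee and cluster relationships), and some relationships have no "data" member at all. The following added example (not Hunters or Cofense code) flattens a report into one row without failing on those nulls; the names related_id, flatten_report and SAMPLE_REPORT, the output column names, and the reading of risk_score_summary as a per-contributor breakdown of risk_score are assumptions.

```python
import json

# Constructed record, trimmed to the fields used here. Null placement
# (from_address, urls, assignee.data) follows the sample report above.
SAMPLE_REPORT = json.loads("""
{"id": "51618", "type": "reports",
 "attributes": {"location": "Processed", "risk_score": 12, "from_address": null,
                "urls": null, "urls_count": 0, "tags": ["tag"]},
 "relationships": {"assignee": {"links": {}, "data": null},
                   "category": {"links": {}, "data": {"type": "categories", "id": "6"}},
                   "urls": {"links": {}}},
 "meta": {"risk_score_summary": {"integrations": 0, "vip": 0, "reporter": 0, "rules": 12}}}
""")


def related_id(report, name):
    """ID of a to-one relationship; None when "data" is null or absent."""
    rel = (report.get("relationships") or {}).get(name) or {}
    data = rel.get("data")
    return data.get("id") if isinstance(data, dict) else None


def flatten_report(report):
    """Flatten one report into a row without raising on null fields."""
    attrs = report.get("attributes") or {}
    summary = (report.get("meta") or {}).get("risk_score_summary") or {}
    # Assumption: risk_score_summary breaks risk_score down by contributor.
    driver = max(summary, key=summary.get) if any(summary.values()) else None
    return {
        "report_id": report.get("id"),
        "location": attrs.get("location"),
        "risk_score": attrs.get("risk_score"),
        "risk_driver": driver,
        "from_address": attrs.get("from_address"),  # null stays None
        "urls": attrs.get("urls") or [],            # null becomes []
        "tags": attrs.get("tags") or [],
        "category_id": related_id(report, "category"),
        "assignee_id": related_id(report, "assignee"),
    }
```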