Connect this data source on your own, using the Hunters platform.
TL;DR
Supported data types | 3rd party detection | Hunters detection | IOC search | Search | Table name | Log format | Collection method |
---|---|---|---|---|---|---|---|
Cofense Threat Intel Feed | | | | | cofense_threat_indicators | NDJSON | API |
Cofense Reports | ✅ | cofense_reports | NDJSON | API |
Overview
Cofense, formerly known as PhishMe, is a provider of comprehensive cybersecurity solutions that focus on empowering organizations to detect, respond to, and mitigate phishing threats. Their services include phishing detection and response tools, as well as training and simulation products to enhance employees' awareness and ability to identify phishing attempts.
Cofense integrates with existing email infrastructure and security systems, enhancing them with its phishing-specific detection and response capabilities. The integration is designed to be seamless, providing organizations with a layered defense strategy that includes end-user awareness and automated phishing defense mechanisms.
Supported data types
Cofense Threat Intel Feed
Table name: cofense_threat_indicators
The Cofense Intelligence Feed provides organizations with actionable, timely, and prioritized threat intelligence specifically focused on phishing attacks. This service is part of Cofense's broader cybersecurity offerings aimed at empowering organizations to proactively defend against and respond to phishing threats.
Cofense Reports
Table name: cofense_reports
Cofense provides several types of reports that organizations can use to understand the landscape of phishing threats and the effectiveness of their anti-phishing strategies. These reports are derived from the wide array of data collected through their phishing detection and response tools, simulation services, and intelligence feeds.
Send data to Hunters
Hunters supports API collection for Cofense events.
Retrieve the following API credentials from your Cofense account or from Cofense Support; handle the client_secret as a secret value:
client_id
client_secret
Complete the process on the Hunters platform, following this guide.
Expected format
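Logs are expected in JSON format, delivered as NDJSON (one JSON object per line, as listed in the table above); the samples below are pretty-printed for readability.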
Cofense Threat Intel Feed
{
"attributes": {
"created_at": "2022-02-01T22:24:43.049Z",
"threat_level": "Malicious",
"threat_source": "PDC-TIP",
"threat_type": "URL",
"threat_value": "https://goldencareer.co.in/En-M/",
"updated_at": "2022-02-01T22:24:43.049Z"
},
"id": "2",
"links": {
"self": "https://test.cofense.com/api/public/v2/threat_indicators/2"
},
"relationships": {
"comments": {
"links": {
"related": "https://test.cofense.com/api/public/v2/threat_indicators/2/comments",
"self": "https://test.cofense.com/api/public/v2/threat_indicators/2/relationships/comments"
}
},
"owner": {
"data": {
"id": "1",
"type": "api_applications"
},
"links": {
"related": "https://test.cofense.com/api/public/v2/threat_indicators/2/owner",
"self": "https://test.cofense.com/api/public/v2/threat_indicators/2/relationships/owner"
}
},
"reports": {
"links": {
"related": "https://test.cofense.com/api/public/v2/threat_indicators/2/reports",
"self": "https://test.cofense.com/api/public/v2/threat_indicators/2/relationships/reports"
}
}
},
"type": "threat_indicators"
}
Cofense Reports
{
"id": "51618",
"type": "reports",
"links": {
"self": "https://test.cofense.com/api/public/v2/reports/51618"
},
"attributes": {
"location": "Processed",
"risk_score": 12,
"from_address": null,
"subject": "test sbuject",
"received_at": "2024-03-14T01:50:00.000Z",
"reported_at": "2024-03-14T01:50:00.000Z",
"raw_headers": "test headers",
"text_body": "Monitoring E-Mail Delivery. Analysts please IGNORE this e-mail",
"html_body": "",
"md5": "babe958e29053daab3c41d14f8cc05e8",
"sha256": "c10e6d414dd0d548d03a8e27842015834411016e310347a63dbf11f9bf74bc4d",
"match_priority": 1,
"attachment_details": null,
"attachments_count": 0,
"comments_count": 1,
"rules_count": 1,
"urls": null,
"urls_count": 0,
"tags": [
"tag"
],
"categorization_tags": [
"tag"
],
"first_processed_at": "2024-03-14T01:50:17.881Z",
"processed_at": "2024-03-14T01:50:17.881Z",
"created_at": "2024-03-14T01:50:08.739Z",
"updated_at": "2024-03-14T01:50:22.784Z"
},
"relationships": {
"assignee": {
"links": {
"self": "https://test.cofense.com/api/public/v2/reports/51618/relationships/assignee",
"related": "https://test.cofense.com/api/public/v2/reports/51618/assignee"
},
"data": null
},
"category": {
"links": {
"self": "https://test.cofense.com/api/public/v2/reports/51618/relationships/category",
"related": "https://test.cofense.com/api/public/v2/reports/51618/category"
},
"data": {
"type": "categories",
"id": "6"
}
},
"cluster": {
"links": {
"self": "https://test.cofense.com/api/public/v2/reports/51618/relationships/cluster",
"related": "https://test.cofense.com/api/public/v2/reports/51618/cluster"
},
"data": null
},
"processed_by": {
"links": {
"self": "https://test.cofense.com/api/public/v2/reports/51618/relationships/processed_by",
"related": "https://test.cofense.com/api/public/v2/reports/51618/processed_by"
},
"data": {
"type": "triggers",
"id": "2"
}
},
"reporter": {
"links": {
"self": "https://test.cofense.com/api/public/v2/reports/51618/relationships/reporter",
"related": "https://test.cofense.com/api/public/v2/reports/51618/reporter"
},
"data": {
"type": "reporters",
"id": "1"
}
},
"attachment_payloads": {
"links": {
"self": "https://test.cofense.com/api/public/v2/reports/51618/relationships/attachment_payloads",
"related": "https://test.cofense.com/api/public/v2/reports/51618/attachment_payloads"
}
},
"attachments": {
"links": {
"self": "https://test.cofense.com/api/public/v2/reports/51618/relationships/attachments",
"related": "https://test.cofense.com/api/public/v2/reports/51618/attachments"
}
},
"cofense_intelligence_indicators": {
"links": {
"self": "https://test.cofense.com/api/public/v2/reports/51618/relationships/cofense_intelligence_indicators",
"related": "https://test.cofense.com/api/public/v2/reports/51618/cofense_intelligence_indicators"
}
},
"domains": {
"links": {
"self": "https://test.cofense.com/api/public/v2/reports/51618/relationships/domains",
"related": "https://test.cofense.com/api/public/v2/reports/51618/domains"
}
},
"headers": {
"links": {
"self": "https://test.cofense.com/api/public/v2/reports/51618/relationships/headers",
"related": "https://test.cofense.com/api/public/v2/reports/51618/headers"
}
},
"hostnames": {
"links": {
"self": "https://test.cofense.com/api/public/v2/reports/51618/relationships/hostnames",
"related": "https://test.cofense.com/api/public/v2/reports/51618/hostnames"
}
},
"urls": {
"links": {
"self": "https://test.cofense.com/api/public/v2/reports/51618/relationships/urls",
"related": "https://test.cofense.com/api/public/v2/reports/51618/urls"
}
},
"rules": {
"links": {
"self": "https://test.cofense.com/api/public/v2/reports/51618/relationships/rules",
"related": "https://test.cofense.com/api/public/v2/reports/51618/rules"
}
},
"threat_indicators": {
"links": {
"self": "https://test.cofense.com/api/public/v2/reports/51618/relationships/threat_indicators",
"related": "https://test.cofense.com/api/public/v2/reports/51618/threat_indicators"
}
},
"comments": {
"links": {
"self": "https://test.cofense.com/api/public/v2/reports/51618/relationships/comments",
"related": "https://test.cofense.com/api/public/v2/reports/51618/comments"
}
}
},
"meta": {
"risk_score_summary": {
"integrations": 0,
"vip": 0,
"reporter": 0,
"rules": 12
}
}
}