Overview
What is Cofense Triage?
Cofense Triage accelerates phishing qualification, investigation, and response by automating standard responses to suspicious emails to make analysts more efficient and driving out actionable intelligence, and providing incident response playbook.
Cofense Triage - 2 years after
Cofense Review - Highly recommend if within budget
Cofense is on top two and not number two!
Love Triage
What business problems does it address? Reporting suspicious emails.
Triage has been great for noise reduction
Cofense Triage - Saving Time and Effort in the Fight for Accurate Phishing Detection and Response
Great email threat analysis tool
Cofense Triage from an MSSP point-of-view
Cofense Triage is Great!
Cofence Triage - Value for Money
Threat Scope.
Simple Yet Effective Tool
Get Protection to emails only through Cofense Triage
Time Saver for SOC Analysts
Cofense Triage Review
Awards
Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision. More about TrustRadius Awards
Popular Features
- Centralized Dashboard (35)7.979%
- Live Response for Rapid Remediation (31)6.868%
- Integration with Other Security Systems (34)6.565%
- Attack Chain Visualization (27)6.565%
Reviewer Pros & Cons
Pricing
What is Cofense Triage?
Cofense Triage accelerates phishing qualification, investigation, and response by automating standard responses to suspicious emails to make analysts more efficient and driving out actionable intelligence, and providing incident response playbook.
Entry-level set up fee?
- Setup fee optional
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting/Integration Services
Would you like us to let the vendor know that you want pricing?
9 people also want pricing
Alternatives Pricing
What is CrowdStrike Falcon?
CrowdStrike offers the Falcon Endpoint Protection suite, an antivirus and endpoint protection system emphasizing threat detection, machine learning malware detection, and signature free updating. Additionally the available Falcon Spotlight module delivers vulnerability assessment with no…
What is KnowBe4 PhishER/PhishER Plus?
PhishER is presented as a lightweight Security Orchestration, Automation and Response (SOAR) platform to orchestrate threat response and manage the high volume of potentially malicious email messages reported by users. And, with automatic prioritization of emails, PhishER helps InfoSec and Security…
Features
Incident Response Platforms
Incident response (IR) platforms guide countermeasures against a security breach and deploy preplanned, automated threat responses
- 6.5Integration with Other Security Systems(34) Ratings
Pre-built integration with other security systems like SIEM and threat intelligence
- 6.5Attack Chain Visualization(27) Ratings
Attack chain visualization to help identify root cause
- 7.9Centralized Dashboard(35) Ratings
A central dashboard provides analysts with a clear look at the most important data
- 6.8Live Response for Rapid Remediation(31) Ratings
Live remediation response allows incident responders to initiate remediation from anywhere over secure connection
Product Details
- About
- Integrations
- Competitors
- Tech Details
- Downloadables
- FAQs
What is Cofense Triage?
Cofense Triage Features
Incident Response Platforms Features
- Supported: Integration with Other Security Systems
- Supported: Attack Chain Visualization
- Supported: Centralized Dashboard
- Supported: Live Response for Rapid Remediation
Additional Features
- Supported: Extensive & regularly updated rules library to identify emerging & evolving phishing threats
- Supported: Smart clustering to group reported emails based on threat payload
- Supported: Noise Reduction Engine to aid classification and processing of non-malicious reported emails
- Supported: Integration with VirusTotal and other security tools including SIEM & Threat Analysis solutions
- Supported: Comprehensive API
- Supported: Create Recipes to automate processing of reported emails
- Supported: Integrate with Cofense Vision for quick-click phish threat hunting and quarantine
- Supported: Provide feedback to users who report to support awareness programs
- Supported: Triage Community Exchange enabling crowdsourced threat intelligence
Cofense Triage Screenshots
Cofense Triage Video
Cofense Triage Integrations
- VirusTotal
- SIEM solutions via Syslog
- Cisco Umbrella Investigate
- Lastline Analyst
- Palo Alto Wildfire
- Cuckoo Sandbox
- ServiceDesk solutions via Email
Cofense Triage Competitors
- Agari Phishing Response
- KnowBe4 PhishER/PhishER Plus
- Avanan
- Proofpoint/Wombat PhishAlarm Analyzer
Cofense Triage Technical Details
Deployment Types | On-premise, Software as a Service (SaaS), Cloud, or Web-Based |
---|---|
Operating Systems | Windows, Linux, Mac, Linux virtual appliance |
Mobile Application | No |
Supported Countries | Global |
Supported Languages | English |
Cofense Triage Downloadables
Frequently Asked Questions
Cofense Triage Customer Size Distribution
Consumers | 0% |
---|---|
Small Businesses (1-50 employees) | 1% |
Mid-Size Companies (51-500 employees) | 13% |
Enterprises (more than 500 employees) | 86% |
Comparisons
Compare with
Reviews and Ratings
(70)Community Insights
- Business Problems Solved
Cofense Triage offers a range of valuable use cases for users seeking to improve their email security. With its automated scanning and analysis capabilities, it helps users identify phishing and spam emails, reducing the risk of falling victim to cyberattacks. By integrating a button into the email platform, end users can easily report suspicious emails, increasing user reporting and further enhancing email security. This feature has been well-received by customers, who have praised its effectiveness in identifying malicious emails.
Administrators also benefit from Cofense Triage as they can set up triage and roles for employees, streamlining the process and enabling efficient threat remediation and user education. The software's comprehensive history and analysis of phishing and spamming emails are highly regarded by users as it aids in minimizing the impact of data breaches and assists in creating rules to prevent future phishing attempts.
Users appreciate the customization options provided by Cofense Triage, allowing them to create rules and recipes tailored to their specific requirements. This customization not only enhances their threat hunting skills but also automates responses, saving time and improving efficiency. Additionally, the software's ability to analyze email headers and detect suspicious emails has proven to be a valuable time-saver by presenting important information upfront and reducing the time spent on spam and benign messages.
Cofense Triage stands out with its capability to prioritize the severity of phishing emails, helping users determine which ones require immediate attention. Integration with Cofense Vision allows for quarantining these harmful emails, preventing potential harm to systems. Users have found this collaboration between the two tools particularly useful in efficiently collecting valuable information while protecting against phishing campaigns.
In terms of management capabilities, Cofense Triage excels at aggregating and organizing thousands of suspicious emails reported by employees. This centralization eases analysis processes conducted by security teams, enabling effective decision-making on remediation actions. Analysts also find value in having a centralized portal to review and respond to phishing emails, greatly enhancing their ability to document and protect against phishing campaigns.
The software's effectiveness in identifying various types of phishing attacks, including credential theft, business email compromise, malware, and social engineering, has garnered positive feedback from customers. Its ability to prevent numerous phishing campaigns by providing distinct insights into the types of emails received daily is highly appreciated.
Cofense Triage caters to users seeking efficiency in their email triage process. It allows for automatic categorization of emails and provides predefined responses based on defined criteria, saving time and improving overall productivity.
Managed service providers also find value in Cofense Triage as it enables them to efficiently triage reported emails and provide analysis for their clients. This streamlines the triage process and supports the analysis of targeted campaigns, ultimately improving the overall efficiency of their operations.
Overall, Cofense Triage serves as a reliable email security solution for both end users and administrators. By automating the scanning, analysis, and blocking of malicious emails, it helps users identify and prevent phishing and spam attacks. The software's customizable rules and recipes enhance threat hunting capabilities, while its detailed history and analysis of phishing emails aid in minimizing data breaches. With its seamless integration with the email platform and ability to prioritize severity, Cofense Triage streamlines the triage process and empowers organizations to effectively respond to phishing threats.
Attribute Ratings
Reviews
(1-25 of 38)Cofense Triage - 2 years after
It also enables automatic categorization of emails based on set of predefined and custom rules which streamlines triage process.
Lastly, platform allows automatic response to be sent to the end-user based on defined criterias.
Using Cofense Triage allows us to triage a subset of incoming reports and identify real phishing cases amongst those
- Grouping of incoming reports
- Overview of metadata related to email, including rendered preview
- Informative dashboard with quite some indicators available for selection
- Product support could be better - there was an issue with some user accounts which was not resolved for a very long time
- Lacking AI\ML capabilities - platform requires continuous efforts to be invested by the personnel in order to keep the quality of rules\automations high
- Automatic remediation (e.g. purge of emails from mail server) of confirmed Phishing cases is not available - this is a separate product
Tool is not helping too much in improving user-education, because automated response process is not immediate and is prone to errors.
Cofense Review - Highly recommend if within budget
- Presenting Relevant Info
- Automation
- Reducing Noise
- Clustering is very hit or miss. Sometimes it clusters things that shouldn't be, and other times it would be nice if it clustered additional emails that weren't caught.
Cofense is on top two and not number two!
- Automated E-mail analysis.
- Automated E-mail scanning.
- Automated Malicious E-mail Blocking.
- Reporting to administrators.
- None
- None
- None
Love Triage
What business problems does it address? Reporting suspicious emails.
- Provides a safe environment for investigation of potentially malicious emails
- Ability to automate responses to reported emails
- Makes reading of headers and attachments easy
- Ability to leave a comment across clusters
Triage expands/explodes the relevant parts of an email into easy to read pieces speeding up investigation times. Saves us hours.
The ability to cluster like reports and easily respond findings to all submitters at once.
Triage has been great for noise reduction
- Email Reporting
- customization
- playbooks
- updates
- maintenance
Cofense Triage - Saving Time and Effort in the Fight for Accurate Phishing Detection and Response
- Groups emails of the same type together
- Applies tags to emails based on rules
- Allows quick and efficient responses to users
- The ability to customize responses on the fly would be helpful
- The ability to hover over elements in the HTML preview to get a mouseover tool tip of things like the URL (not-clickable) would be a great improvement
Great email threat analysis tool
- Clear view of all emails reported
- Easy classification according to playbooks
- Email breakdown in URLs, attachment and HTML code
- Outdated UI
- Lacking better user management
- Short amount of filters
Cofense Triage from an MSSP point-of-view
- Risk rating emails using rules.
- Scoring reporters based on their performance at reporting malicious vs non-malicious emails.
- Previews and rating attachments.
- Integrations using APIs to allow quicker analysis of URLs.
- Adding additional mailboxes which can be customised for different analysts or rules to prioritise a 'Suspected Malicious' mailbox over a 'Suspected Spam' etc. mailbox.
- Recipies and Triggers appear to be an overlap and 2 features which do the same thing.
- Showing comments made on a cluster in the mailbox view can often help save time, rather than entering the contents of a message to see this information.
- Automatic comments on messages based on a playbook would be useful, this may be a feature that exists on new versions however.
Cofense Triage is Great!
- Helps to categorise emails
- Helps identify malicious emails
- Easy to navigate with accessible dashboard
- Include customizable categories for emails
- Manual reporter score alterations
- Display comments in table view
Cofence Triage - Value for Money
- Clusters email to prioritize them
- Automated Response to Reporters
- Consolidated email to proxy team
- identifying who else in the organization had received the similar email
- rule creations
- configuring 3rd party APIs
- NA
- Small organization may not need them.
Threat Scope.
- Threat Intelligence.
- Reputation analysis.
- More integrations.
Simple Yet Effective Tool
- Automation using YARA
- Clustering
- Pulling IOCs
- Custom responses
- Comments when reporting an email from Microsoft Outlook
- Open source intelligence integration
- Auto-pulling emails
Get Protection to emails only through Cofense Triage
- Processed reports by type of emails which came during the day
- Process reports by category (Non-malicious, spam, malware, fraud )
- Average time to process a report
- Cofense Intelligence rules
- Improvement for email parsing like there are many parameters where the emails go through but sometimes they fail and becomes unparsed and the emails get into a pending state
Time Saver for SOC Analysts
- URL
- HTML Body
- HTML Preview
- Phising/Spam Button
- A button to automatically simplify or beautify the HTML body.
Cofense Triage Review
- Collect IOC's
- Manage detection rules
- Good Outlook plugin
- User interface
Good and Effiecient Tool to use
- Providing Metrics to the member firms
- Filtering of the spams
- Feedback to users
- Initial threat identification
- Still evaluating current processes
Cofense Triage Great product
- Overview of all reported mails.
- Customizable feedback towards reporter flexibility
- Customizable Quick action menu
- Integration with other tooling
- Rules & recipies
- Analyzing a mail is made easy due to the way the views are setup for the analyst
- Analyzing attachments is a bit cumbersome
Cofense Triage Review
- Reported email processing
- Email management
- Email categorization
- Extensive reporting
- Blocking phishing emails
- Inline content filtering
Good product but needs some more work
- Easy analysis of emails.
- Easy pivot to Cofense Vision.
- Identifying IOCs.
- Expand IOCs beyond URLs and hashes.
- Include a sandbox to see what payloads might be doing.
Cofense Triage "An Amazing show stopper for Phishing mails"
- Email Header Analysis and severity prioritization.
- Intel fetch for the latest threats in the wild.
- Auto Quarantine mails after integration with Cofense Vision.
- User Interface.
- Rule making should be in high level language.
- Integration with SOAR.
Triage is good, but not great
- Separating links and attachments contained in the email, and checking to see if they are known malicious.
- Clustering like emails to save time when responding.
- Providing risks scores with each cluster to give an estimate on which clusters should be addressed first.
- plugin regularly disappears from outlook and is not available on all mobile platforms
- UI updates tend to make the Triage page look nicer at first glance, but have often caused it to be more clunky and harder to use.
- Lacks some features such as being able to send one off responses to submitted emails instead of just canned responses.
Great tool for protection from Phish
- Extraction of IOCs
- Rules and recipes for automation.
- Assist triage
- API could be further improved for integration with other tools.
- Improve Splunk Phantom App for two way communication.
- Enable Catch a Phish support in the latest Mac OS (Catalina).
Cofense Triage operator review
- Cluster email reports from users.
- Respond to users.
- Whitelist known benign emails.
- I would not consider Cofense Triage a full IR/investigation tool. The reporting is limited; you can't have analysts assign clusters like queues and cannot categorize outcomes. For instance, if you categorize something as credential theft you cannot add notes or anything indicating whether that attempt was successful.
Cofense Triage Review
- Breaks down emails in a safe way for analysis.
- Sends responses to reporters about their reported emails.
- Breaks down metrics of what types of emails are reported every month.
- Easier searching & reporting.
- Ability to integrate with ticketing system.