Skip to main content
TrustRadius
Cofense Triage

Cofense Triage

Overview

What is Cofense Triage?

Cofense Triage accelerates phishing qualification, investigation, and response by automating standard responses to suspicious emails to make analysts more efficient and driving out actionable intelligence, and providing incident response playbook.

Read more
Recent Reviews

TrustRadius Insights

Cofense Triage offers a range of valuable use cases for users seeking to improve their email security. With its automated scanning and …
Continue reading

Threat Scope.

10 out of 10
August 06, 2022
Incentivized
The system is great; it really does take the worry away of parsing through emails that may be deemed benign or not. The deployment was …
Continue reading

Simple Yet Effective Tool

9 out of 10
July 05, 2022
We use the product to automatically triage emails reported as phishing. We receive a large number of spam emails. Cofense Triage has saved …
Continue reading

Cofense Triage Review

8 out of 10
March 01, 2022
Incentivized
During these busy IT times, there are more and more phishing emails getting delivered in our environment, Cogence Triage helps to manage …
Continue reading
Read all reviews

Awards

Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision. More about TrustRadius Awards

Popular Features

View all 4 features
  • Centralized Dashboard (35)
    7.9
    79%
  • Live Response for Rapid Remediation (31)
    6.8
    68%
  • Attack Chain Visualization (27)
    6.5
    65%
  • Integration with Other Security Systems (34)
    6.5
    65%

Reviewer Pros & Cons

View all pros & cons
Return to navigation

Pricing

View all pricing
N/A
Unavailable

What is Cofense Triage?

Cofense Triage accelerates phishing qualification, investigation, and response by automating standard responses to suspicious emails to make analysts more efficient and driving out actionable intelligence, and providing incident response playbook.

Entry-level set up fee?

  • Setup fee optional
For the latest information on pricing, visithttps://cofense.com/pricing

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services

Would you like us to let the vendor know that you want pricing?

9 people also want pricing

Alternatives Pricing

What is CrowdStrike Falcon?

CrowdStrike offers the Falcon Endpoint Protection suite, an antivirus and endpoint protection system emphasizing threat detection, machine learning malware detection, and signature free updating. Additionally the available Falcon Spotlight module delivers vulnerability assessment with no…

What is KnowBe4 PhishER/PhishER Plus?

PhishER is presented as a lightweight Security Orchestration, Automation and Response (SOAR) platform to orchestrate threat response and manage the high volume of potentially malicious email messages reported by users. And, with automatic prioritization of emails, PhishER helps InfoSec and Security…

Return to navigation

Features

Incident Response Platforms

Incident response (IR) platforms guide countermeasures against a security breach and deploy preplanned, automated threat responses

6.9
Avg 8.7
Return to navigation

Product Details

What is Cofense Triage?

Cofense Triage is a phishing-specific solution for qualifying, investigating, and responding to phishing attacks. Cofense Triage integrates intelligence-driven rules to reduce the noise generated by a reporting culture and surface those threats that put an organization at risk. Playbooks enable security operations teams and threat analysts to reduce their workload by automating the analysis of and response to known events, freeing up time to investigate the latest threats to the organization. And, with a fully documented API, Cofense Triage integrates with existing security investments, including ticketing systems and SIEM and SOAR platforms.

Cofense Triage Features

Incident Response Platforms Features

  • Supported: Integration with Other Security Systems
  • Supported: Attack Chain Visualization
  • Supported: Centralized Dashboard
  • Supported: Live Response for Rapid Remediation

Additional Features

  • Supported: Extensive & regularly updated rules library to identify emerging & evolving phishing threats
  • Supported: Smart clustering to group reported emails based on threat payload
  • Supported: Noise Reduction Engine to aid classification and processing of non-malicious reported emails
  • Supported: Integration with VirusTotal and other security tools including SIEM & Threat Analysis solutions
  • Supported: Comprehensive API
  • Supported: Create Recipes to automate processing of reported emails
  • Supported: Integrate with Cofense Vision for quick-click phish threat hunting and quarantine
  • Supported: Provide feedback to users who report to support awareness programs
  • Supported: Triage Community Exchange enabling crowdsourced threat intelligence

Cofense Triage Screenshots

Screenshot of Triage DashboardScreenshot of Triage Dashboard Cluster DetailsScreenshot of Triage Cluster DetailsScreenshot of Triage Cluster Malicious AttachmentScreenshot of Triage Cluster HeadersScreenshot of Triage Reporter DetailsScreenshot of Triage Noise Custom Rules

Cofense Triage Video

Cofense Triage

Cofense Triage Integrations

  • VirusTotal
  • SIEM solutions via Syslog
  • Cisco Umbrella Investigate
  • Lastline Analyst
  • Palo Alto Wildfire
  • Cuckoo Sandbox
  • ServiceDesk solutions via Email

Cofense Triage Competitors

Cofense Triage Technical Details

Deployment TypesOn-premise, Software as a Service (SaaS), Cloud, or Web-Based
Operating SystemsWindows, Linux, Mac, Linux virtual appliance
Mobile ApplicationNo
Supported CountriesGlobal
Supported LanguagesEnglish

Cofense Triage Downloadables

Frequently Asked Questions

Cofense Triage accelerates phishing qualification, investigation, and response by automating standard responses to suspicious emails to make analysts more efficient and driving out actionable intelligence, and providing incident response playbook.

Agari Phishing Response, KnowBe4 PhishER/PhishER Plus, and Avanan are common alternatives for Cofense Triage.

Reviewers rate Centralized Dashboard highest, with a score of 7.9.

The most common users of Cofense Triage are from Enterprises (1,001+ employees).

Cofense Triage Customer Size Distribution

Consumers0%
Small Businesses (1-50 employees)1%
Mid-Size Companies (51-500 employees)13%
Enterprises (more than 500 employees)86%
Return to navigation

Comparisons

View all alternatives
Return to navigation

Reviews and Ratings

(70)

Community Insights

TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources. Have feedback on this content? Let us know!

Cofense Triage offers a range of valuable use cases for users seeking to improve their email security. With its automated scanning and analysis capabilities, it helps users identify phishing and spam emails, reducing the risk of falling victim to cyberattacks. By integrating a button into the email platform, end users can easily report suspicious emails, increasing user reporting and further enhancing email security. This feature has been well-received by customers, who have praised its effectiveness in identifying malicious emails.

Administrators also benefit from Cofense Triage as they can set up triage and roles for employees, streamlining the process and enabling efficient threat remediation and user education. The software's comprehensive history and analysis of phishing and spamming emails are highly regarded by users as it aids in minimizing the impact of data breaches and assists in creating rules to prevent future phishing attempts.

Users appreciate the customization options provided by Cofense Triage, allowing them to create rules and recipes tailored to their specific requirements. This customization not only enhances their threat hunting skills but also automates responses, saving time and improving efficiency. Additionally, the software's ability to analyze email headers and detect suspicious emails has proven to be a valuable time-saver by presenting important information upfront and reducing the time spent on spam and benign messages.

Cofense Triage stands out with its capability to prioritize the severity of phishing emails, helping users determine which ones require immediate attention. Integration with Cofense Vision allows for quarantining these harmful emails, preventing potential harm to systems. Users have found this collaboration between the two tools particularly useful in efficiently collecting valuable information while protecting against phishing campaigns.

In terms of management capabilities, Cofense Triage excels at aggregating and organizing thousands of suspicious emails reported by employees. This centralization eases analysis processes conducted by security teams, enabling effective decision-making on remediation actions. Analysts also find value in having a centralized portal to review and respond to phishing emails, greatly enhancing their ability to document and protect against phishing campaigns.

The software's effectiveness in identifying various types of phishing attacks, including credential theft, business email compromise, malware, and social engineering, has garnered positive feedback from customers. Its ability to prevent numerous phishing campaigns by providing distinct insights into the types of emails received daily is highly appreciated.

Cofense Triage caters to users seeking efficiency in their email triage process. It allows for automatic categorization of emails and provides predefined responses based on defined criteria, saving time and improving overall productivity.

Managed service providers also find value in Cofense Triage as it enables them to efficiently triage reported emails and provide analysis for their clients. This streamlines the triage process and supports the analysis of targeted campaigns, ultimately improving the overall efficiency of their operations.

Overall, Cofense Triage serves as a reliable email security solution for both end users and administrators. By automating the scanning, analysis, and blocking of malicious emails, it helps users identify and prevent phishing and spam attacks. The software's customizable rules and recipes enhance threat hunting capabilities, while its detailed history and analysis of phishing emails aid in minimizing data breaches. With its seamless integration with the email platform and ability to prioritize severity, Cofense Triage streamlines the triage process and empowers organizations to effectively respond to phishing threats.

Attribute Ratings

Reviews

(1-25 of 38)
Companies can't remove reviews or game the system. Here's why
Score 7 out of 10
Vetted Review
Verified User
Incentivized
We utilize Cofense Triage platform to help us dealing with user-reported emails. Platform is automatically grouping reported emails into so-called clusters, based on sender. (This allows bulk-processing of the emails)
It also enables automatic categorization of emails based on set of predefined and custom rules which streamlines triage process.
Lastly, platform allows automatic response to be sent to the end-user based on defined criterias.

Using Cofense Triage allows us to triage a subset of incoming reports and identify real phishing cases amongst those
  • Grouping of incoming reports
  • Overview of metadata related to email, including rendered preview
  • Informative dashboard with quite some indicators available for selection
  • Product support could be better - there was an issue with some user accounts which was not resolved for a very long time
  • Lacking AI\ML capabilities - platform requires continuous efforts to be invested by the personnel in order to keep the quality of rules\automations high
  • Automatic remediation (e.g. purge of emails from mail server) of confirmed Phishing cases is not available - this is a separate product
The tool is very helpful in improving Phishing detection capabilities as it streamlines the process of analyzing user reports a lot. Besides it has a built-in mechanism of rating reporters(end-users) based on their historical performance. Downside - tool requires continuous resource investment to deliver best result.

Tool is not helping too much in improving user-education, because automated response process is not immediate and is prone to errors.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
I work at an MSSP where we use Cofense to manage multiple customers who send us potential phishing emails to analyze. Cofense speeds up this process by presenting important information up front. The information is organized well and it is very easy to triage and come to a determination if an email is legit or malicious. Beyond that, the automation that can be created in Cofense provides a way to easily handle noise and reduce the amount of time working through obvious spam/benign emails.
  • Presenting Relevant Info
  • Automation
  • Reducing Noise
  • Clustering is very hit or miss. Sometimes it clusters things that shouldn't be, and other times it would be nice if it clustered additional emails that weren't caught.
Cofense is well suited for any security center that needs to triage a large amount of reported/suspicious emails and act on them quickly.
Derrick Mmotla | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Incentivized
I will list the product address and scope of use in one paragraph below. In my organization, we use Cofense Triage for e-mail security. Mainly Cofense Triage automates the scanning, analysis, and blocking of e-mails with malicious intent. Our end users also have the ability to manually report suspicious and potentially malicious e-mails. There is an add-in integrated into our e-mail platform/application, which is a button that end users click to report an e-mail. I receive and see all the e-mails which are reported and analyze which ones are malicious and which ones are not. From there, have an action plan.
  • Automated E-mail analysis.
  • Automated E-mail scanning.
  • Automated Malicious E-mail Blocking.
  • Reporting to administrators.
  • None
  • None
  • None
In my experience as an administrator. Cofense generates reports of the types of e-mails which are scanned, reported, and blocked, and from there, I can present to the board the work which is automated, which gives our analysts the to focus on other issues. It is very well suited to a large business as it enforces automation and collaboration between different IT sectors in my organization. The main reason is it enforces e-mail security. There is no scenario that I can think of where Cofense Triage is less appropriate.
March 03, 2023

Love Triage

Score 10 out of 10
Vetted Review
Verified User
Incentivized
Cofense Triage is used across the whole organization.
What business problems does it address? Reporting suspicious emails.
  • Provides a safe environment for investigation of potentially malicious emails
  • Ability to automate responses to reported emails
  • Makes reading of headers and attachments easy
  • Ability to leave a comment across clusters
The ability for end-users to report an email with a single click of a button.
Triage expands/explodes the relevant parts of an email into easy to read pieces speeding up investigation times. Saves us hours.
The ability to cluster like reports and easily respond findings to all submitters at once.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
Triage has been very helpful with remediating phishing emails that hit our employees mailboxes. We are able to use the provided and customized rules to filter out legitimate emails which help our investigators save time by looking at high fidelity alerts. The simplicity of the product is also great for our end users which enables them easy access to report suspected phishing emails.
  • Email Reporting
  • customization
  • playbooks
  • updates
  • maintenance
Cofense Triage has been great for our end users as well as our engineers and investigators. We are able to streamline phishing reports and investigate and respond in a timely manner. This allows us to stay vigilant against phishing techniques while providing a great user experience. Utilizing the provided and customizable rules allows for easy integration to existing workflows and products.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
Cofense Triage allows the analysts on our Threat Detection team the ability to quickly review and respond to each of the reported emails by our users. Our response rate to our employees is now 100% and we are able to stay on top of undetected threats that come across in phishing emails. Cofense Triage conducts the initial analysis on these emails and tags them appropriately so that we cut down on the amount of time that we need to spend on each one.
  • Groups emails of the same type together
  • Applies tags to emails based on rules
  • Allows quick and efficient responses to users
  • The ability to customize responses on the fly would be helpful
  • The ability to hover over elements in the HTML preview to get a mouseover tool tip of things like the URL (not-clickable) would be a great improvement
Cofense Triage is well suited for a large enterprise environment where manually reviewing and responding to reported phishing emails would not be feasible. Cofense Triage may not be suitable for smaller organizations, as the cost-to-benefit ratio wouldn't make it a worthwhile investment.
Score 8 out of 10
Vetted Review
Verified User
Incentivized
We use Cofense Triage to analyze emails reported from users from their email inbox. With the full scope of emails, we can then proceed to break down possible targeted campaigns towards our organization. Also, we can then give access to other teams that will further analyze the emails and classify them in different categories depending on the type of attack, such as credential phishing, malware or business email compromise.
  • Clear view of all emails reported
  • Easy classification according to playbooks
  • Email breakdown in URLs, attachment and HTML code
  • Outdated UI
  • Lacking better user management
  • Short amount of filters
It is best suited for incident response and threat analysis teams, as Cofense Triage allows them to check emails reported by users in real time.
Score 8 out of 10
Vetted Review
Verified User
We run Cofense Triage as an MSSP, offering as part of a managed service to our clients. We provide the analysts who Triage the reported emails, make decisions on their authenticity and malicious intent. Our analysts then provide feedback to the reporter and we summarize details of the overall Triage service on a regular basis. We use Triage in conjunction with Vision to provide an overall email security service.
  • Risk rating emails using rules.
  • Scoring reporters based on their performance at reporting malicious vs non-malicious emails.
  • Previews and rating attachments.
  • Integrations using APIs to allow quicker analysis of URLs.
  • Adding additional mailboxes which can be customised for different analysts or rules to prioritise a 'Suspected Malicious' mailbox over a 'Suspected Spam' etc. mailbox.
  • Recipies and Triggers appear to be an overlap and 2 features which do the same thing.
  • Showing comments made on a cluster in the mailbox view can often help save time, rather than entering the contents of a message to see this information.
  • Automatic comments on messages based on a playbook would be useful, this may be a feature that exists on new versions however.
Triage is an excellent solution for analyzing, categorizing and responding to reported emails. It has a simple interface which is easy to get used to and the features can be used to semi-automate many actions, speeding up the analysis massively. This is a great platform for analyzing small to medium amount of emails (10-20 per analyst per day), however it takes quite a lot of setup of automation to make it useful for larger scale companies.
September 27, 2022

Cofense Triage is Great!

Score 10 out of 10
Vetted Review
Verified User
Incentivized
My company use Cofense Triage to identify and analyse any malicious emails that appear in employee mailboxes. This allows us to protect employees from external threats. We can use examples of these malicious emails to show employees during phishing training exercises. Cofense has helped to address the concerns of phishing emails targeting our employees. The tool is easy to use and easily adaptable to your needs.
  • Helps to categorise emails
  • Helps identify malicious emails
  • Easy to navigate with accessible dashboard
  • Include customizable categories for emails
  • Manual reporter score alterations
  • Display comments in table view
Cofense triage can be used for all businesses as it is easily adaptable to your needs. It is an amazing tool to increase your cyber security defences within the business. So far this month my company have been able to identify 11 malicious emails which otherwise could have gone undetected.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
To solve the phishing response system
  • Clusters email to prioritize them
  • Automated Response to Reporters
  • Consolidated email to proxy team
  • identifying who else in the organization had received the similar email
  • rule creations
  • configuring 3rd party APIs
  • NA
- All enterprise organization who are trying to corelate emails that are missed by the SEGs should use this system
- Small organization may not need them.
August 06, 2022

Threat Scope.

Score 10 out of 10
Vetted Review
Verified User
Incentivized
The system is great; it really does take the worry away of parsing through emails that may be deemed benign or not. The deployment was easy, and managing the solution was also easy; the solution integrates with other solutions, such as Cuckoo, which helps provide greater insight into URLs and attachments.
  • Threat Intelligence.
  • Reputation analysis.
  • More integrations.
It has been well suited for parsing end-user submissions.
Score 9 out of 10
Vetted Review
Verified User
We use the product to automatically triage emails reported as phishing. We receive a large number of spam emails. Cofense Triage has saved us from the manual work required when users forward email queries.
  • Automation using YARA
  • Clustering
  • Pulling IOCs
  • Custom responses
  • Comments when reporting an email from Microsoft Outlook
  • Open source intelligence integration
  • Auto-pulling emails
For high traffic email recipients, like SME companies, Cofence Triage is best suited as it saves time on manual work to review each and every email. Also, the YARA allows us to avoid the pain of handling too many false reports. Another area that we benefit from is grouping similar emails together.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
Cofense Triage is used to identify phishing and spam emails in my organization. I play the admin role of setting up triage, roles, etc. for the employees. Business problems the product addresses is we can come to know who, when from where the emails came the full detailed history of phishing and spamming can be seen which gives very very less impact to the organization from data breaching. The scope is we can create many recipes according to our requirements we can see the rules matching etc. overall it's allrounder software for emails which must be a need of all the organization.
  • Processed reports by type of emails which came during the day
  • Process reports by category (Non-malicious, spam, malware, fraud )
  • Average time to process a report
  • Cofense Intelligence rules
  • Improvement for email parsing like there are many parameters where the emails go through but sometimes they fail and becomes unparsed and the emails get into a pending state
The best-suited scenario is we get to know the categories of emails like malicious, non-malicious, spam, malware, fraud, stealing, and data breach we come to know all this in a single place which is Cofense Triage only. We use this every day in our organization and their customer support services are awesome they have the resolution as well the quality of handling stuff
Score 10 out of 10
Vetted Review
Verified User
Incentivized
Cofense Triage is an amazing tool for SOC Analysts. It makes the process of analyzing an email so much easier. The phishing button plugin in Outlook is a great feature and helps us to properly analyze such mails. With various tabs like URL which extracts the URL links from the mail and a preview to see how the mail looks for the user, it makes analyzing easy. Amazing product.
  • URL
  • HTML Body
  • HTML Preview
  • Phising/Spam Button
  • A button to automatically simplify or beautify the HTML body.
When analyzing Phishing or Spam mails, Cofense Triage makes life much easier for all SOC Analysts. When just going through normal email logs, O365 logs is better suited.
March 01, 2022

Cofense Triage Review

Score 8 out of 10
Vetted Review
Verified User
Incentivized
During these busy IT times, there are more and more phishing emails getting delivered in our environment, Cogence Triage helps to manage and create rules to detect, analyze and prevent phishing emails. Triage has a good UI that helps analyze emails in-depth and to conduct a proper investigation with any email.
  • Collect IOC's
  • Manage detection rules
  • Good Outlook plugin
  • User interface
Cofense Triage is well suited for large companies which are receiving large amounts of emails. It makes it easy for users to report suspicious emails and makes it easy for security staff to review, analyze and investigate these emails to avoid having them delivered in the future in case any other security tool fails to detect them.
Score 9 out of 10
Vetted Review
Verified User
We use it in recognising the threats and phishing of emails lead to the member firms and avoid them harming our systems and in the future, it will have greater use in our company and its features. Also, it is more efficient in terms of collecting all the information and supporting the systems.
  • Providing Metrics to the member firms
  • Filtering of the spams
Providing the Metrics to the member firms would be the best and also it is helpful in driving the data easily and in an efficient manner.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
Identifying malicious phishing emails has been an ongoing task when working directly with the individuals who receive the emails. Adding this capability will better allow users to provide first hand identification along with allowing feedback to those individuals. Providing the feedback from these types of events has not been a completely seamless and accurate process in the past.
  • Feedback to users
  • Initial threat identification
  • Still evaluating current processes
Providing a first line of defense across a networked local and remote environment against phishing attempts via mail is almost a requirement these days and Cofense Triage takes that to a new level.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
[Has] a clear and easy way for [an] end-user to report potential phishing attempts with the phish me button. We can configure ourselves how much feedback and in which stage of the phishing triage the end-user receives feedback. The tool gives our security analyst the flexibility and capability to handle a high volume of phishing reports in a correct and visible way. In addition the view is perfect for junior analyst to make the right triage on the reported potential phishing e-mails while more senior analyst can turn repetitive work into rules & recipies for a faster and more efficient way of working.
  • Overview of all reported mails.
  • Customizable feedback towards reporter flexibility
  • Customizable Quick action menu
  • Integration with other tooling
  • Rules & recipies
  • Analyzing a mail is made easy due to the way the views are setup for the analyst
  • Analyzing attachments is a bit cumbersome
Cofense triage is great in larger organizations were there are a lot of end-users , resulting in more reports and a large diversity in people's background.
December 19, 2021

Cofense Triage Review

Score 10 out of 10
Vetted Review
Verified User
It is [a] nice simulator for emails. We recently implemented Cofense Protect, which will prevent phishing emails and we have implemented Threat Intelligence integration with other technologies. It is working perfectly, we [are] much impressed with Cofense Triage. I would recommend to all to use Cofense Triage.
  • Reported email processing
  • Email management
  • Email categorization
  • Extensive reporting
  • Blocking phishing emails
  • Inline content filtering
This is a good simulator for reporting emails, we can categorize the emails based on categories, from Cofense Triage we can acknowledge users who [have] reported emails. I would recommend to all to own this product.
Score 6 out of 10
Vetted Review
Verified User
Incentivized
We use it to review and identify possible threats in emails. This may include spam campaigns, spear phishing, advance threat actors, etc.
  • Easy analysis of emails.
  • Easy pivot to Cofense Vision.
  • Identifying IOCs.
  • Expand IOCs beyond URLs and hashes.
  • Include a sandbox to see what payloads might be doing.
Cofense Triage allows users to easily to review emails and quickly find malicious or spam. The limitation of the URL flagging has its limits. Many actors often use user specific URLs. For unique attachments the need for use of external tools become problematic especially for new inexperienced analysts.
Nishant Aggarwal | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Incentivized
Cofense Triage is used in our organization for investigation over the reported phishing emails. It is quite an effective tool to analyze the headers for the mail and detect if it is suspicious in nature. There are options to set up parameters in accordance with the organization which helps to prioritize the phishing emails' severity. Also, integration with Cofense Vision helps to quarantine the mail from the inbox.
  • Email Header Analysis and severity prioritization.
  • Intel fetch for the latest threats in the wild.
  • Auto Quarantine mails after integration with Cofense Vision.
  • User Interface.
  • Rule making should be in high level language.
  • Integration with SOAR.
Cofense Triage is highly suited in an organization where the email gateway has missed a potential phishing mail and the SOC needs to do further analysis to figure out whether it was malicious or not. This really helps to avoid the risk of a compromise and removal of breached emails from the organization.
Score 4 out of 10
Vetted Review
Verified User
Incentivized
Cofense Triage is used across our entire organization. Any emails that our users believe to be phishing or malicious can be reported using the report phishing toolbar button, and then our security operations center reviews the email in Triage and responds to the user letting them know if it is safe, spam, or malicious. Triage allows users to easily report the emails, and also clusters them together, and provides tools to more quickly analyze the emails to determine if they are malicious. The plugin has some issues and limitations where it is not always available to users, so some users still opt to forward the email to our phishing mailbox instead of using Triage
  • Separating links and attachments contained in the email, and checking to see if they are known malicious.
  • Clustering like emails to save time when responding.
  • Providing risks scores with each cluster to give an estimate on which clusters should be addressed first.
  • plugin regularly disappears from outlook and is not available on all mobile platforms
  • UI updates tend to make the Triage page look nicer at first glance, but have often caused it to be more clunky and harder to use.
  • Lacks some features such as being able to send one off responses to submitted emails instead of just canned responses.
Cofense does a fine job of classifying emails and responding to users. Set up is straightforward, and Triage is easy to use. It does not have the best quarantine features and does not offer as many proactive ways to defend against future attacks as other solutions. Other solutions are cheaper, have better integrations into the email gateway, and offer more features, such as training modules for users that regularly submit safe emails.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
Cofense Triage is used across the enterprise as a tool to report, analyze, and categorize suspicious emails received by users. Cofense Triage rules and recipes help develop a custom logic to eliminate noise (like spam and valid internal emails). Response templates help define canned responses to users and reputation score helps reward vigilant users.
  • Extraction of IOCs
  • Rules and recipes for automation.
  • Assist triage
  • API could be further improved for integration with other tools.
  • Improve Splunk Phantom App for two way communication.
  • Enable Catch a Phish support in the latest Mac OS (Catalina).
Cofense Triage is a suitable tool for organizations to allow users a method to report suspicious emails. There's an Outlook add-on a user can click to simply report an email and get a response from an expert. Cofense also has other tools like Cofense Intelligence and Cofense Phishme for phish simulation exercises seamlessly integrating with Cofense Triage. However, I believe bundling Vision (a feature to search MS Exchange mailboxes for IOCs) with Cofense Triage would add more value to customers. Vision comes as an add-on subscription.
Score 7 out of 10
Vetted Review
Verified User
Incentivized
For my role, my team uses Cofense Triage to group email campaigns for phishing investigation and responding to users.
  • Cluster email reports from users.
  • Respond to users.
  • Whitelist known benign emails.
  • I would not consider Cofense Triage a full IR/investigation tool. The reporting is limited; you can't have analysts assign clusters like queues and cannot categorize outcomes. For instance, if you categorize something as credential theft you cannot add notes or anything indicating whether that attempt was successful.
You need to have a separate tracking or ticketing system due to limitations as to making notes on reports and closing. But for clustering and campaign identification/response and whitelisting it works well.
August 20, 2021

Cofense Triage Review

Score 8 out of 10
Vetted Review
Verified User
Incentivized
Cofense Triage is used as a response and analysis tool for users to submit phishing emails. it allows for threat remediation & also the education of the users. We set up auto-response for commonly reported legitimate emails so users are aware of what it is; we also notify users through it when an email is actually phishing & give them kudos for reporting.
  • Breaks down emails in a safe way for analysis.
  • Sends responses to reporters about their reported emails.
  • Breaks down metrics of what types of emails are reported every month.
  • Easier searching & reporting.
  • Ability to integrate with ticketing system.
For big organizations where there are a lot of employees with email addresses. The autoresponse lets us filter out legitimate emails quickly without much work on our end, but also gives us an opportunity to analyze suspicious or malicious emails. Would not recommend an organization with not many employees with email addresses as it wouldn't be needed.
Return to navigation