This article describes the Intelligence Card Extension for Cofense.
About Cofense
Cofense, and specifically their Human-driven Phishing Intelligence, is a reliable and timely way to stop dangerous malware and phishing attacks. Using patented methods to automatically identify top threats to your network, they provide you with timely, actionable intelligence, tools, and coaching to respond to attacks that would otherwise go undetected.
The extension enriches IP Address, Domain, and Hash cards with cyber threat intelligence.
You must have commercial access to Cofense Intelligence to use this extension and will need an API username and password, which are different from your username/password for the ThreatQ platform.
Please also see the Getting Started With Intelligence Card Extensions page if you're interested in enabling this extension.
Extending IP Address, Domain, and Hash Intelligence Cards
You can search Cofense for a list of any matching threats that include the given IP Address, Domain, or Hash. For each threat, the response includes:
- Threat ID
- Threat Summary
- Link to Threat Details (in the ThreatHQ.com portal)
- Link to Active Threat Report (in the ThreatHQ.com portal)
- Brand
- First Published Date
- Last Published Date
- Severity
- Malware Family
- Malware Family Description
- Role
- Role Description
- Older Threat Reports (if available)
Example (pulled from the IP intelligence card for 178.62.232.244 on April 11, 2018):
Other Resources
Partner Spotlight blog: https://www.recordedfuture.com/partner-spotlight-phishme/
Videos with interviews and demos about Cofense: https://cofense.com/resources/videos/