Skip to content

Cofense Triage

Cofense Triage is a tool for accelerating phishing email analysis, investigation, and response by cutting through noise automatically and surfacing real threats faster.

Chronicle Data Types


Caveats / Known Limitations

Cyderes supports collection of reports from Cofense Triage from both the V1 and V2 APIs. Cyderes recommends ingesting reports from V1 as V2 is still marked as beta and does not provide as much context rich data in its current state.


IPs will need to be whitelisted to ensure connectivity with Cyderes and the Cofense Triage instance. For list of IPs, please contact Cyderes.


Depending on the API version being used, the setup for this integration requires configuration of the auth piece necessary for Cyderes to access the Cofense Triage instance. Reference API docs for the desired Cofense Triage instance to setup auth pieces for each API version.

Gather Information

Provide the following information to Cyderes to complete implementation:

Both API versions

  • URL for Cofense Triage instance


  • API Token
  • Email that owns API Token


  • OAuth2 Client ID
  • OAuth2 Client Secret