Cofense Vision

Cofense Vision is a powerful tool that works in conjunction with Cofense Triage and other Cofense products to provide enhanced visibility into malicious email campaigns. See About Cofense and the Cofense Vision data sheet.

Chronicle Data Types

  • COFENSE_VISION

Caveats / Known Limitations

Please note that, due to the nature of the V5 audit log API, our integration with Cofense Vision retrieves audit logs for the past three days at a time. The API only supports pulling events for a single 24-hour window, and we cannot filter by the hour, so the collector pulls logs for a full 24-hour window.

Cofense logs collected through other generic methods like syslog forwarders, cloud storage buckets, and webhooks remain unaffected by this specific API limitation.

Requirements

To ensure connectivity between Cyderes and the Cofense Vision instance, specific IPs need to be whitelisted. Please contact Cyderes for the list of IPs.

Configuration

For authentication setup using the V5 API, please refer to the API documentation for your specific Cofense Vision instance.

Gather Information

To complete the implementation, please provide Cyderes with the following information:

  • URL for Cofense Vision instance
  • OAuth2 Client ID
  • OAuth2 Client Secret