Skip to content

Cofense Vision

Cofense Vision

About

When it comes to phishing threats, every second counts. Undetected threats can lurk in your network for weeks or months, and can cost your organization millions of dollars. With Cofense Vision, you can search and quarantine emails within minutes, or set a policy to autoquarantine with no intervention — across your entire organization.

Product Details

Vendor URL: Cofense Vision

Product Type: Email

Product Tier: Tier III

Integration Method: Syslog

Integration URL: N/A

Log Guide: N/A

Parser Details

Log Format: Syslog

Expected Normalization Rate: 80%

Data Label: COFENSE_VISION

UDM Fields (list of all UDM fields leveraged in the Parser):

Log File Field UDM Field
email security_result.about.email
eventtype metadata.product_event_type
internetMessageId network.email.mail_id
msg1 metadata.description
observer observer.hostname
observerapp observer.application
recipientAddress network.email.to
Searchsubjects network.email.subject
user principal.user.userid

Product Event Types

Event UDM Event Classification
all GENERIC_EVENT

Log Sample

<14>Oct 22 20:37:21 number [poolthread] serviceurl No primary addresses were found for email

Sample Parsing

metadata.event_timestamp = "2021-10-22T20:37:21Z"
metadata.event_type = "GENERIC_EVENT"
metadata.vendor_name = "Cofense"
metadata.product_name = "Vision"
metadata.product_event_type = "poolthread"
metadata.description = "No primary addresses were found"
metadata.ingested_timestamp = "2021-10-22T20:37:58.899825Z"
observer.hostname = "number"
observer.application = "serviceurl"
security_result.about.email = "email"

Parser Alerting

This product currently does not have any Parser-based Alerting

Rules

Coming Soon