* [Blog](https://www.paloaltonetworks.com.au/blog)
* [Security Operations](https://www.paloaltonetworks.com.au/blog/security-operations/)
* [Partner Integrations](https://www.paloaltonetworks.com.au/blog/security-operations/category/partner-integrations/)
* Enable Next Level Phishin...

# Enable Next Level Phishing Analysis and Response with Cortex XSOAR and Cofense Triage

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.paloaltonetworks.com.au%2Fblog%2Fsecurity-operations%2Fcofense-xsoar-marketplace%2F)  
[](https://twitter.com/share?text=Enable+Next+Level+Phishing+Analysis+and+Response+with+Cortex+XSOAR+and+Cofense+Triage&url=https%3A%2F%2Fwww.paloaltonetworks.com.au%2Fblog%2Fsecurity-operations%2Fcofense-xsoar-marketplace%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.paloaltonetworks.com.au%2Fblog%2Fsecurity-operations%2Fcofense-xsoar-marketplace%2F&title=Enable+Next+Level+Phishing+Analysis+and+Response+with+Cortex+XSOAR+and+Cofense+Triage&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www.paloaltonetworks.com.au/blog/security-operations/cofense-xsoar-marketplace/&ts=markdown)  
\[\](mailto:?subject=Enable Next Level Phishing Analysis and Response with Cortex XSOAR and Cofense Triage)  
Link copied  
By [Mike Saurbaugh](https://www.paloaltonetworks.com/blog/author/mike-saurbaugh/?ts=markdown "Posts by Mike Saurbaugh") and [Alyssa VanNice](https://www.paloaltonetworks.com/blog/author/alyssa-vannice/?ts=markdown "Posts by Alyssa VanNice")  
Oct 08, 2021  
3 minutes  
[Partner Integrations](https://www.paloaltonetworks.com/blog/security-operations/category/partner-integrations/?ts=markdown)  
[Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown)  
[Automation Playbooks](https://www.paloaltonetworks.com/blog/tag/automation-playbooks/?ts=markdown)  
[Cofense Triage](https://www.paloaltonetworks.com/blog/tag/cofense-triage/?ts=markdown)  
[Cortex XSOAR](https://www.paloaltonetworks.com/blog/tag/cortex-xsoar/?ts=markdown)  
[Cortex XSOAR Marketplace](https://www.paloaltonetworks.com/blog/tag/cortex-xsoar-marketplace/?ts=markdown)  
[Indicators of phishing](https://www.paloaltonetworks.com/blog/tag/indicators-of-phishing/?ts=markdown)  
[Partner Integrations](https://www.paloaltonetworks.com/blog/tag/partner-integrations/?ts=markdown)  
[Phishing](https://www.paloaltonetworks.com/blog/tag/phishing/?ts=markdown)  
[Phishing analysis Phishing incident response](https://www.paloaltonetworks.com/blog/tag/phishing-analysis-phishing-incident-response/?ts=markdown)  
[Phishing intelligence](https://www.paloaltonetworks.com/blog/tag/phishing-intelligence/?ts=markdown)  
[Security Automation](https://www.paloaltonetworks.com/blog/tag/security-automation/?ts=markdown)  
[security orchestration](https://www.paloaltonetworks.com/blog/tag/security-orchestration/?ts=markdown)  
[SOAR content](https://www.paloaltonetworks.com/blog/tag/soar-content/?ts=markdown)  
[SOAR Innovation](https://www.paloaltonetworks.com/blog/tag/soar-innovation/?ts=markdown)  
[SOC](https://www.paloaltonetworks.com/blog/tag/soc/?ts=markdown)

Within the threat landscape, email phishing is one of the main techniques used by attackers to gain access to critical systems and data. However, security teams face shortages of time, resources, and people, making it difficult to investigate and respond quickly. Security teams have learned that properly trained employees are able to detect and report suspicious emails to the SOC when they evade email gateways. To keep your organization secure from email-based attacks, your security team needs a powerful phishing solution to help automatically ingest, analyze, and respond to employee reported emails.

Palo Alto Networks Cortex XSOAR has released an integrated content pack with Cofense Triage to manage employee reported phishing emails and help automate and simplify these complex workflows and speed up the total time to resolution. To further streamline your workflows, your security team can pair Cofense Triage with Cofense Reporter so employees can utilize one click reporting to alert the SOC. Leveraging these solutions together enables easy employee reporting of suspicious emails and centralizes them all in a designated inbox and automatically organizes received emails into smart clusters, making it easier for your team to prioritize and remediate.

### **Why is this integration important for your security program?**

Cortex XSOAR and Cofense Triage enable your SOC to receive, analyze, enrich, and respond to phishing attacks in minutes rather than hours or days. Automating as much of the phishing-email triage and response process as possible frees up many valuable cycles for your analysts. So they can focus on threat hunting and other strategic initiatives to ensure the organization remains secure.

The Cofense Triage content pack enables you to:

* Ingest phishing reports and clusters directly into Cortex XSOAR for a single pane of glass view so you can automate analysis and respond effectively.
* Configure Cortex XSOAR to ingest and categorize reported emails that reside in the Cofense Triage Inbox. Study the email attributes included in the at-a-glance dashboards.
* Ingest Cofense Triage phishing threat indicators such as URLs, hostnames, headers, and file hashes into Cortex XSOAR.
* Validate phishing threats through native phishing intelligence and rules in Cofense Triage that can further enrich Cortex XSOAR playbooks.

### **Learn more**

Build out your security program with the Cofense Triage content pack, available now on the [Cortex XSOAR Marketplace](https://xsoar.pan.dev/marketplace). Look up prebuilt integrations for your top security tools with over [750 content packs](https://www.paloaltonetworks.com/cortex/xsoar-ecosystem) available for Cortex XSOAR, the market's leading SOAR platform.

To see the Cofense Triage content pack, visit [the Marketplace](https://xsoar.pan.dev/marketplace/details/CofenseTriage). Learn more about Cofense Triage at [cofense.com](https://cofense.com/).

To learn more about the Cofense Triage content pack, join us for a live demo and overview with Q\&A on October 28th at 9:00 A.M. PDT and discover how to stop the phish! [Save your seat today](https://register.paloaltonetworks.com/octxsoartopusecaseswebinar--oct282021?utm_source=panwblogs).

*** ** * ** ***

## Related Blogs

### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Partner Integrations](https://www.paloaltonetworks.com/blog/security-operations/category/partner-integrations/?ts=markdown), [Use-Cases](https://www.paloaltonetworks.com/blog/security-operations/category/use-cases/?ts=markdown)

[#### Auto-Quarantine Phishing Threats with Cortex XSOAR and Cofense Vision](https://www.paloaltonetworks.com.au/blog/security-operations/auto-quarantine-phishing-threats-with-cortex-xsoar-and-cofense-vision/)

### [Partner Integrations](https://www.paloaltonetworks.com/blog/security-operations/category/partner-integrations/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown)

[#### Automate Email Incident Response with Armorblox in Cortex XSOAR](https://www.paloaltonetworks.com.au/blog/security-operations/automate-email-incident-response-with-armorblox-in-cortex-xsoar/)

### [Partner Integrations](https://www.paloaltonetworks.com/blog/security-operations/category/partner-integrations/?ts=markdown), [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown)

[#### Streamlining Access Management with Cortex XSOAR and Thales](https://www.paloaltonetworks.com.au/blog/security-operations/thales-xsoar-marketplace/)

### [Partner Integrations](https://www.paloaltonetworks.com/blog/security-operations/category/partner-integrations/?ts=markdown), [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown)

[#### Code42 Incydr + Cortex XSOAR: Right-Sizing Insider Risk Response](https://www.paloaltonetworks.com.au/blog/security-operations/code42-xsoar-marketplace/)

### [Partner Integrations](https://www.paloaltonetworks.com/blog/security-operations/category/partner-integrations/?ts=markdown), [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown)

[#### SlashNext Reinvents Incident Response with Cortex XSOAR](https://www.paloaltonetworks.com.au/blog/security-operations/slashnext-xsoar-marketplace/)

### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown), [Partner Integrations](https://www.paloaltonetworks.com/blog/security-operations/category/partner-integrations/?ts=markdown), [Use-Cases](https://www.paloaltonetworks.com/blog/security-operations/category/use-cases/?ts=markdown)

[#### Use VMRay Analyzer's Contextual Threat Intelligence for Automated Threat Hunting in Cortex XSOAR](https://www.paloaltonetworks.com.au/blog/security-operations/use-vmray-analyzers-contextual-threat-intelligence-for-automated-threat-hunting-in-cortex-xsoar/)

### Subscribe to Security Operations Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www.paloaltonetworks.com.au/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language