Cofense ThreatHQ
Overview
Cofense ThreatHQ connector imports phishing campaign reports, malware indicators, and associated observables from Cofense's phishing-focused threat intelligence platform.
Cofense is a leader in email security, providing phishing detection and response solutions powered by threat intelligence from over 35 million Cofense-trained employees who actively report suspected phishing threats in real-time.
Cofense ThreatHQ is a specialized phishing threat detection, analysis, and management platform that provides real-time monitoring of IOCs linked to phishing attacks. This connector retrieves intelligence reports from the ThreatHQ API and converts them into STIX 2.1 objects for import into OpenCTI.
Supported indicator types:
- URLs, Domain Names, IPv4 Addresses
- Files (with MD5, SHA-1, SHA-256, SHA-512 hashes)
- Email Messages (subjects)
- Targeted sectors (NAICS codes)
- PDF report attachments