Skip to main content

Report Categorization - Cofense Triage v3

This Playbook is part of the Cofense Triage Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.0.0 and later.

Report Categorization playbook investigates reports that are unprocessed or uncategorized on Cofense Triage as incident alerts in XSOAR and categorizes them based on the severity of the incident.

Users are only able to run the playbook in v6.0.0 or higher as it requires commands to execute the task.


This playbook uses the following sub-playbooks, integrations, and scripts.


  • Calculate Severity - Generic v2
  • Send Indicators - Cofense Triage v3


This playbook does not use any integrations.


  • CheckEmailAuthenticity
  • ParseEmailFiles
  • AssignAnalystToIncident


  • extractIndicators
  • rasterize-email
  • cofense-category-list
  • cofense-report-download
  • rasterize-image
  • cofense-report-categorize

Playbook Inputs#

NameDescriptionDefault ValueRequired
OnCallSet to true to assign only user that is currently on shift. Requires Cortex XSOAR v5.5 or later.falseOptional
ReportIDRequires report ID to investigate and categorize the report that is pulled from Cofense Triage.incident.cofensetriagereportidRequired
AutoCategorizeWhether the user wants to categorize the report automatically or not.FalseOptional
MaliciousCategoryThe category to be assigned to the report if it is malicious.Optional
NonMaliciousCategoryThe category to be assigned to the report if it is non-malicious.Optional

Playbook Outputs#

There are no outputs for this playbook.

Playbook Image#

Report Categorization - Cofense Triage v3