Cofense Vision
The Cofense Vision connector enables automated phishing threat detection and response by integrating with Swimlane Turbine's low-code automation platform.

Cofense Vision is a phishing detection and response platform that enables security teams to identify and quarantine phishing threats proactively. This connector allows Swimlane Turbine users to integrate Cofense Vision's capabilities directly into their security workflows, automating the search and quarantine of phishing threats. By leveraging this integration, users can streamline their phishing response process, reduce manual tasks, and enhance their organization's overall email security posture.

## Prerequisites

To effectively utilize the Cofense Vision connector within Swimlane Turbine, ensure you have the following prerequisites:

- OAuth2 client credentials authentication with the following parameters:
  - **URL**: Host for the Cofense Vision.
  - **Client Name**: Unique identifier provided by Cofense Vision.
  - **Client Password**: A secure password associated with your client name.

## Capabilities

This connector provides the following capabilities:

- Create a New Quarantine Job
- Create New Search
- Get All Searches
- Get Search Results

## Asset Setup

The following permissions are required to run each of the tasks:

- **Create a New Quarantine Job**: Quarantine Admin, Quarantine User, or System Admin
- **Create New Search**: Search Admin, Search User, or System Admin
- **Get All Searches**: Search Admin, Search User, or System Admin
- **Get Search Results**: Search Admin, Search User, or System Admin

## Notes

This connector supports Cofense Vision API version 5.

## Configurations

### Cofense Vision Client Credentials Authentication

Authenticates using client name and client password.

#### Configuration Parameters

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| URL | A URL to the target host | string | Required |
| Client ID | Account name for the client | string | Required |
| Client Secret | Password for the account name specified | string | Required |
| Verify SSL | Verify SSL certificate | boolean | Optional |
| HTTP Proxy | A proxy to route requests through | string | Optional |

## Actions

### Create New Quarantine Job

Initiates a new quarantine job in Cofense Vision using specified email addresses for targeted action.

- **Endpoint URL**: `api/v5/quarantineJobs`
- **Method**: POST

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| quarantineEmails | array | Optional | Parameter for Create New Quarantine Job |
| quarantineEmails.recipientAddress | string | Optional | Parameter for Create New Quarantine Job |
| quarantineEmails.internetMessageId | string | Optional | Unique identifier |

#### Input Example

```json
{
  "json_body": {
    "quarantineEmails": [
      {
        "recipientAddress": "recipient1@example.com",
        "internetMessageId": "<byapr11mb2824ef099fe06d3740572 200dc8d0@byapr11mb2824.namprd11.prod.outlook.com>"
      },
      {
        "recipientAddress": "recipient2@example.com",
        "internetMessageId": "<byapr11mb2824a5994cf5ba9417724eeedc8d0@byapr11mb2824.namprd11.prod.outlook.com>"
      }
    ]
  }
}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| id | number | Unique identifier |
| createdBy | string | Output field createdBy |
| createdDate | string | Date value |
| modifiedBy | string | Output field modifiedBy |
| modifiedDate | string | Date value |
| stopRequested | boolean | Output field stopRequested |
| emailCount | number | Count value |
| quarantineEmails | array | Output field quarantineEmails |
| quarantineEmails.id | number | Unique identifier |
| quarantineEmails.recipientAddress | string | Output field quarantineEmails.recipientAddress |
| quarantineEmails.internetMessageId | string | Unique identifier |
| quarantineEmails.ewsMessageId | object | Unique identifier |
| quarantineEmails.status | string | Status value |
| quarantineEmails.errorMessage | object | Response message |
| quarantineEmails.createdDate | string | Date value |
| quarantineEmails.quarantinedDate | object | Date value |
| quarantineEmails.originalFolderId | object | Unique identifier |
| quarantineJobRuns | array | Output field quarantineJobRuns |
| quarantineJobRuns.id | number | Unique identifier |
| quarantineJobRuns.jobRunType | string | Type of the resource |
| quarantineJobRuns.status | string | Status value |
| quarantineJobRuns.startedDate | object | Date value |
| quarantineJobRuns.completedDate | object | Date value |

#### Output Example

```
{"status_code":200,"response_headers":{"X-Frame-Options":"SAMEORIGIN","X-Content-Type-Options":"nosniff","X-XSS-Protection":"1","Referrer-Policy":"no-referrer","Strict-Transport-Security":"max-age=63072000; includeSubDomains;","Content-Security-Policy":"default-src 'self';script-src 'self' 'unsafe-eval';frame-src 'self';child-src 's ","Date":"Tue, 05 Mar 2024 06:06:52 GMT","Cache-Control":"private,max-age=0,no-cache,no-store,must-revalidate","Pragma":"no-cache","Content-Type":"application/json
```

### Create New Search

Creates a new search in Cofense Vision using specified criteria provided in the JSON body.

- **Endpoint URL**: `api/v5/searches`
- **Method**: POST

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| subjects | array | Optional | The email subject must match one of the subjects in the list exactly, including spaces. Vision supports the use of one or more wildcard characters (\*) in any position of a subject. |
| senders | array | Optional | The email sender must match one of the email addresses in the list. Vision supports the use of one or more wildcard characters (\*) in any position of a sender email address. |
| attachmentNames | array | Optional | List of strings representing file names. The email must include at least one attachment matching one of the specified file names. Vision supports the use of one or more wildcard characters (\*) in any position of an attachment file name. |
| attachmentHashCriteria | object | Optional | Parameter for Create New Search |
| attachmentHashCriteria.type | string | Optional | Type of the resource |
| attachmentHashCriteria.attachmentHashes | array | Optional | Parameter for Create New Search |
| attachmentHashCriteria.attachmentHashes.hashType | string | Optional | Either MD5 or SHA256 |
| attachmentHashCriteria.attachmentHashes.hashString | string | Optional | File hash of the attachment |
| attachmentMimeTypes | array | Optional | List of MIME types. This property returns emails with at least one attachment of one of the listed MIME types. |
| domainCriteria | object | Optional | Parameter for Create New Search |
| domainCriteria.type | string | Optional | Type of the resource |
| domainCriteria.domains | array | Optional | Parameter for Create New Search |
| receivedAfterDate | string | Optional | Filters for emails that Vision processed on or after this date and time. The date and time must be in UTC in ISO 8601 format. |
| receivedBeforeDate | string | Optional | Filters for emails that Vision processed before or on this date and time. The date and time must be in UTC in ISO 8601 format. |
| url | string | Optional | Email content or attachment must contain the full URL exactly as specified, including http:// or https://. Vision supports the use of one or more wildcard characters (\*) in any position of the URL. |
| internetMessageId | string | Optional | Unique identifier of the email, enclosed in angle brackets. This attribute is case sensitive. |
| headers | array | Optional | List of one or more additional criteria to search for in the email header |
| headers.key | string | Optional | HTTP headers for the request |
| headers.values | array | Optional | HTTP headers for the request |
| partialIngest | boolean | Optional | Whether to search for partially ingested emails (true) or not search for partially ingested emails (false) |
| recipient | string | Optional | Email address of the recipient. Vision supports the use of one or more wildcard characters (\*) in any position of a recipient email address. |

#### Input Example

```json
{
  "json_body": {
    "subjects": ["check this out", "news of the day"],
    "senders": ["someuser1@cofense.com", "someuser2@cofense.com"],
    "attachmentNames": ["foo.jpg", "bar.jpg"],
    "attachmentHashCriteria": {
      "type": "ALL",
      "attachmentHashes": [
        {
          "hashType": "SHA256",
          "hashString": "f814c32d07400260cda1c3dd8479c843bfa6062e1221bd85c04c5eee570ac413"
        }
      ]
    },
    "attachmentMimeTypes": ["text", "image/jpg"],
    "domainCriteria": {
      "type": "ALL",
      "domains": ["example1.com", "example2.com"]
    },
    "receivedAfterDate": "2023-08-01T00:00:00.000Z",
    "receivedBeforeDate": "2023-08-02T00:00:00.000Z",
    "url": "http://www.foo.com/bar",
    "internetMessageId": "<1c626fce-6749-4de9-884c-c025173f80bb@example.com>",
    "headers": [
      {"key": "content-type", "values": ["application/javascript", "application/json"]},
      {"key": "x-originating-ip", "values": ["127.0.0.1"]}
    ],
    "partialIngest": true,
    "recipient": "someuser1@cofense.com"
  }
}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| id | number | Unique identifier |
| createdBy | string | Output field createdBy |
| createdDate | string | Date value |
| modifiedBy | string | Output field modifiedBy |
| modifiedDate | string | Date value |
| subjects | array | Output field subjects |
| senders | array | Output field senders |
| recipient | object | Output field recipient |
| attachmentNames | array | Name of the resource |
| attachmentHashCriteria | object | Output field attachmentHashCriteria |
| attachmentHashCriteria.type | string | Type of the resource |
| attachmentHashCriteria.attachmentHashes | array | Output field attachmentHashCriteria.attachmentHashes |
| attachmentHashCriteria.attachmentHashes.hashType | string | Type of the resource |
| attachmentHashCriteria.attachmentHashes.hashString | string | Output field attachmentHashCriteria.attachmentHashes.hashString |
| domainCriteria | object | Output field domainCriteria |
| domainCriteria.type | string | Type of the resource |
| domainCriteria.domains | array | Output field domainCriteria.domains |
| domainCriteria.whiteListUrls | array | URL endpoint for the request |
| domainCriteria.whiteListUrls.file_name | string | URL endpoint for the request |
| domainCriteria.whiteListUrls.file | string | URL endpoint for the request |
| attachmentMimeTypes | array | Type of the resource |
| receivedAfterDate | string | Date value |
| receivedBeforeDate | string | Date value |

#### Output Example

```
{"status_code":200,"response_headers":{"X-Frame-Options":"SAMEORIGIN","X-Content-Type-Options":"nosniff","X-XSS-Protection":"1","Referrer-Policy":"no-referrer","Strict-Transport-Security":"max-age=63072000; includeSubDomains;","Content-Security-Policy":"default-src 'self';script-src 'self' 'unsafe-eval';frame-src 'self';child-src 's ","Date":"Tue, 05 Mar 2024 06:06:52 GMT","Cache-Control":"private,max-age=0,no-cache,no-store,must-revalidate","Pragma":"no-cache","Content-Type":"application/json
```

### Get All Searches

Retrieves a list of all searches conducted within Cofense Vision, including details and statuses.

- **Endpoint URL**: `api/v5/searches`
- **Method**: GET

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.page | number | Optional | Start page of the results. The value must be a positive integer or 0. Default: 0 |
| parameters.size | number | Optional | Number of results per page. The value must be a positive integer up to 2000. Default: 20 |
| parameters.sort | array | Optional | Name-value pair defining the order of search properties in the response. Multiple values are supported. Format: propertyName,sortOrder |

#### Input Example

```json
{"parameters": {"page": 1, "size": 100, "sort": ["createdDate,desc"]}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| searches | array | Output field searches |
| searches.id | number | Unique identifier |
| searches.createdBy | string | Output field searches.createdBy |
| searches.createdDate | string | Date value |
| searches.modifiedBy | string | Output field searches.modifiedBy |
| searches.modifiedDate | string | Date value |
| searches.subjects | array | Output field searches.subjects |
| searches.subjects.file_name | string | Name of the resource |
| searches.subjects.file | string | Output field searches.subjects.file |
| searches.senders | array | Output field searches.senders |
| searches.senders.file_name | string | Name of the resource |
| searches.senders.file | string | Output field searches.senders.file |
| searches.recipient | object | Output field searches.recipient |
| searches.attachmentNames | array | Name of the resource |
| searches.attachmentNames.file_name | string | Name of the resource |
| searches.attachmentNames.file | string | Name of the resource |
| searches.attachmentHashCriteria | object | Output field searches.attachmentHashCriteria |
| searches.attachmentHashCriteria.type | string | Type of the resource |
| searches.attachmentHashCriteria.attachmentHashes | array | Output field searches.attachmentHashCriteria.attachmentHashes |
| searches.attachmentHashCriteria.attachmentHashes.file_name | string | Name of the resource |
| searches.attachmentHashCriteria.attachmentHashes.file | string | Output field searches.attachmentHashCriteria.attachmentHashes.file |
| searches.domainCriteria | object | Output field searches.domainCriteria |
| searches.domainCriteria.type | string | Type of the resource |

#### Output Example

```
{"status_code":200,"response_headers":{"X-Frame-Options":"SAMEORIGIN","X-Content-Type-Options":"nosniff","X-XSS-Protection":"1","Referrer-Policy":"no-referrer","Strict-Transport-Security":"max-age=63072000; includeSubDomains;","Content-Security-Policy":"default-src 'self';script-src 'self' 'unsafe-eval';frame-src 'self';child-src 's ","Date":"Tue, 05 Mar 2024 06:06:52 GMT","Cache-Control":"private,max-age=0,no-cache,no-store,must-revalidate","Pragma":"no-cache","Content-Type":"application/json
```

### Get Search Results

Retrieves the results of a previously initiated search in Cofense Vision using a unique identifier.

- **Endpoint URL**: `api/v5/searches/{{id}}/results`
- **Method**: GET

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.page | number | Optional | Start page of the results. The value must be a positive integer or 0. Default: 0 |
| parameters.size | number | Optional | Number of results per page. The value must be a positive integer up to 2000. Default: 20 |
| parameters.sort | array | Optional | Name-value pair defining the order of search properties in the response. Multiple values are supported. Format: propertyName,sortOrder |
| path_parameters.id | number | Required | Parameters for the Get Search Results action |

#### Input Example

```json
{"parameters": {"page": 1, "size": 100, "sort": ["createdDate,desc"]}, "path_parameters": {"id": 5}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| messages | array | Response message |
| messages.id | number | Unique identifier |
| messages.storageUri | string | Response message |
| messages.subject | string | Response message |
| messages.receivedOn | string | Response message |
| messages.sentOn | string | Response message |
| messages.deliveredOn | object | Response message |
| messages.processedOn | string | Response message |
| messages.md5 | string | Response message |
| messages.sha1 | object | Response message |
| messages.sha256 | string | Response message |
| messages.internetMessageId | string | Unique identifier |
| messages.from | array | Response message |
| messages.from.id | number | Unique identifier |
| messages.from.personal | string | Response message |
| messages.from.address | string | Response message |
| messages.headers | array | HTTP headers for the request |
| messages.headers.id | number | HTTP headers for the request |
| messages.headers.name | string | HTTP headers for the request |
| messages.headers.value | string | HTTP headers for the request |
| messages.headers.seq | number | HTTP headers for the request |
| messages.recipients | array | Response message |
| messages.recipients.id | number | Unique identifier |

#### Output Example

```
{"status_code":200,"response_headers":{"X-Frame-Options":"SAMEORIGIN","X-Content-Type-Options":"nosniff","X-XSS-Protection":"1","Referrer-Policy":"no-referrer","Strict-Transport-Security":"max-age=63072000; includeSubDomains;","Content-Security-Policy":"default-src 'self';script-src 'self' 'unsafe-eval';frame-src 'self';child-src 's ","Date":"Tue, 05 Mar 2024 06:06:52 GMT","Cache-Control":"private,max-age=0,no-cache,no-store,must-revalidate","Pragma":"no-cache","Content-Type":"application/json
```

## Response Headers

| Header | Description | Example |
| --- | --- | --- |
| Cache-Control | Directives for caching mechanisms | private,max-age=0,no-cache,no-store,must-revalidate |
| Content-Length | The length of the response body in bytes | 538 |
| Content-Security-Policy | HTTP response header Content-Security-Policy | default-src 'self';script-src 'self' 'unsafe-eval';frame-src 'self';child-src 'self';worker-src 'self';media-src 'self';style-src 'self' 'unsafe-inline';img-src data: blob: 'self';frame-ancestors 'self';font-src 'self' data:;upgrade-insecure-requests;connect-src data: blob: 'unsafe-inline';block-all-mixed-content; |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Tue, 05 Mar 2024 06:06:52 GMT |
| Pragma | HTTP response header Pragma | no-cache |
| Referrer-Policy | HTTP response header Referrer-Policy | no-referrer |
| Server | Information about the software used by the origin server | envoy |
| Strict-Transport-Security | HTTP response header Strict-Transport-Security | max-age=63072000; includeSubDomains; |
| X-Content-Type-Options | HTTP response header X-Content-Type-Options | nosniff |
| X-Envoy-Upstream-Service-Time | HTTP response header X-Envoy-Upstream-Service-Time | 28 |
| X-Frame-Options | HTTP response header X-Frame-Options | SAMEORIGIN |
| X-XSS-Protection | HTTP response header X-XSS-Protection | 1 |
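
The constraints the Create New Search input description places on a request body (UTC ISO 8601 dates, MD5 or SHA256 attachment hashes, an angle-bracketed internetMessageId) can be checked before a playbook submits the search. The Python below is an added example, not part of the connector or the original page: `validate_search_body` is a hypothetical helper, the camelCase keys are assumed to match the Cofense Vision API, and the wildcard-only check is an added local policy rather than an API rule.

```python
import re
from datetime import datetime, timezone

HASH_HEX_LEN = {"MD5": 32, "SHA256": 64}  # hex digits per supported hash type
WILDCARD_FIELDS = ("subjects", "senders", "attachmentNames")  # list-valued criteria


def _parse_utc(value):
    """Parse an ISO 8601 timestamp, requiring the explicit UTC designator 'Z'."""
    if not isinstance(value, str) or not value.endswith("Z"):
        raise ValueError("must be an ISO 8601 string in UTC ending in 'Z'")
    return datetime.fromisoformat(value[:-1]).replace(tzinfo=timezone.utc)


def validate_search_body(body):
    """Return a list of problems in a Create New Search json_body (empty if none)."""
    problems, bounds = [], {}
    for field in ("receivedAfterDate", "receivedBeforeDate"):
        if field in body:
            try:
                bounds[field] = _parse_utc(body[field])
            except ValueError as exc:
                problems.append(f"{field}: {exc}")
    if len(bounds) == 2 and bounds["receivedAfterDate"] > bounds["receivedBeforeDate"]:
        problems.append("receivedAfterDate is later than receivedBeforeDate")

    for entry in body.get("attachmentHashCriteria", {}).get("attachmentHashes", []):
        kind = str(entry.get("hashType", "")).upper()
        digest = str(entry.get("hashString", ""))
        if kind not in HASH_HEX_LEN:
            problems.append(f"hashType {kind!r} is not MD5 or SHA256")
        elif not re.fullmatch(r"[0-9a-fA-F]{%d}" % HASH_HEX_LEN[kind], digest):
            problems.append(f"hashString is not a valid {kind} hex digest")

    msg_id = body.get("internetMessageId")
    if msg_id is not None and not re.fullmatch(r"<[^<>\s]+>", msg_id):
        problems.append("internetMessageId must be enclosed in angle brackets")

    # Local guard (an added policy, not an API rule): a criterion made only of
    # wildcards matches every message, which is unsafe as input to a quarantine job.
    patterns = [p for f in WILDCARD_FIELDS for p in body.get(f, [])]
    patterns += [body[f] for f in ("url", "recipient") if f in body]
    for pattern in patterns:
        if str(pattern).strip("* ") == "":
            problems.append(f"criterion {pattern!r} matches everything")
    return problems


if __name__ == "__main__":
    sample = {"subjects": ["*"], "receivedAfterDate": "2023-08-01T00:00:00"}  # constructed
    for problem in validate_search_body(sample):
        print(problem)
```

Running the check in the playbook step that precedes Create New Search keeps a malformed or overly broad search from feeding results into Create New Quarantine Job.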