Cofense Intelligence

Updated 1 week ago by Sachit Soni

This document describes how to set up and use Cofense Intelligence with TruSTAR Station.

Cofense's malware intelligence service provides accurate alerts about cryptojacking malware and other possible attacks circulating in phishing emails.

  • Source Type: Premium Intel
  • Update Type: Feed-based
  • Time to Install: 10 minutes

Data Types

The integration pulls the following information from Cofense:

  • Email addresses
  • Hashes
  • IPs
  • URLs
  • Softwares


  • A subscription to Cofense Intelligence
  • Cofense API Key
  • Cofense API Secret
TruSTAR Admin rights are required to activate this Premium Intel feed.

Getting Started

  1. Log into TruSTAR Station.
  2. Click the Marketplace icon on the left side icon list.
  3. Choose Closed Source.
  4. Click Subscribe on the Cofense Intelligence box.
  5. Enter your Cofense Intelligence credentials and click Save Credentials & Request Subscription.

TruSTAR will validate the integration within 48 hours and send an email when the integration has been enabled.

TruSTAR Report Mapping



Report Title

Cofense-Intel-Malware - {report[‘label’]}

Cofense-Intel-Phish - {report[‘label’]}

External ID

base64encode("Cofense-Intel-{report['report id']}")

Report Body

Full JSON response

Client Type


Client Meta Tag


Known Issues

No reported issues.

Please reach out to if you have issues with this integration.

How Did We Do?