--- title: Cofense Triage description: Gain insights into Cofense Triage events. breadcrumbs: Docs > Integrations > Cofense Triage --- # Cofense Triage Integration version1.0.0 Cofense Triage - InsightsCofense Triage - Insights ## Overview{% #overview %} [Cofense Triage](https://cofense.com/pdr-platform) is a powerful email-focused security platform designed to help organizations rapidly detect, analyze, and respond to phishing threats, especially those that bypass traditional email gateways. This integration ingests the following logs: - **Reports**: Provide information about the reported emails that Cofense Triage ingests, break down into components, and add additional information. - **Threat Indicators**: Identify the threat level of an email's subject, sender, domains, URLs, and MD5 and SHA256 attachment hash signatures. Integrate Cofense Triage with Datadog to gain insights into reports and threat indicators using pre-built dashboard visualizations. Datadog uses its built-in log pipelines to parse and enrich these logs, facilitating easy search and detailed insights. The integration can also be used for Cloud SIEM detection rules for enhanced monitoring and security. ## Setup{% #setup %} ### Prerequisites{% #prerequisites %} - API Host - Client ID - Client Secret Note: Users must have superuser access to generate the Client ID and Client Secret. ### Generate API Credentials in Cofense Triage{% #generate-api-credentials-in-cofense-triage %} 1. Log in to the Cofense Triage portal with superuser credentials. 1. Navigate to **Administration** > **API Management**. 1. In the **Rate Limit Settings**, set the **Triage API rate limit** to the maximum value. 1. Select the **Version2** tab, then click **Applications**. 1. Click **New Application**. 1. Enter a name for the application. 1. Choose the **Read Only** option under **Triage Role**. 1. Click **Submit**. After submission, you'll see the Client ID and Client Secret displayed. Note: Use the maximum rate limit for optimal performance. ### Connect your Cofense Triage Account to Datadog{% #connect-your-cofense-triage-account-to-datadog %} 1. Add your API Host, Client ID and Client Secret. | Parameters | Description | | ------------- | ------------------------------------------------- | | API Host | The hostname of the Cofense Triage portal. | | Client ID | The Client ID of your Cofense Triage account. | | Client Secret | The Client Secret of your Cofense Triage account. | 1. Click **Save** to save your settings. #### Whitelist Datadog IP Addresses{% #whitelist-datadog-ip-addresses %} 1. Use an API platform such as Postman or the curl command to make a GET request to the [Datadog API endpoint](https://docs.datadoghq.com/api/latest/ip-ranges/). 1. After you receive the response, locate the **webhooks** section in the JSON. It looks something like this: ```json "webhooks": { "prefixes_ipv4": [ "0.0.0.0/32", ... ], "prefixes_ipv6": [] } ``` 1. From the **prefixes\_ipv4** list under the Webhooks section, copy each CIDR entry. 1. Work with Cofense support team to get these IP ranges whitelisted. ## Data Collected{% #data-collected %} ### Logs{% #logs %} Cofense Triage collects and forwards reports and threat indicators to Datadog. ### Metrics{% #metrics %} Cofense Triage does not include any metrics. ### Events{% #events %} Cofense Triage does not include any events. ## Troubleshooting{% #troubleshooting %} Need help? Contact [Datadog support](https://docs.datadoghq.com/help/).