* [Blog](https://www2.paloaltonetworks.com/blog)
* [Security Operations](https://www2.paloaltonetworks.com/blog/security-operations/)
* [Must-Read Articles](https://www2.paloaltonetworks.com/blog/security-operations/category/must-read-articles/)
* Auto-Quarantine Phishing ...

# Auto-Quarantine Phishing Threats with Cortex XSOAR and Cofense Vision

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fsecurity-operations%2Fauto-quarantine-phishing-threats-with-cortex-xsoar-and-cofense-vision%2F)  
[](https://twitter.com/share?text=Auto-Quarantine+Phishing+Threats+with+Cortex+XSOAR+and+Cofense+Vision&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fsecurity-operations%2Fauto-quarantine-phishing-threats-with-cortex-xsoar-and-cofense-vision%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fsecurity-operations%2Fauto-quarantine-phishing-threats-with-cortex-xsoar-and-cofense-vision%2F&title=Auto-Quarantine+Phishing+Threats+with+Cortex+XSOAR+and+Cofense+Vision&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www2.paloaltonetworks.com/blog/security-operations/auto-quarantine-phishing-threats-with-cortex-xsoar-and-cofense-vision/&ts=markdown)  
\[\](mailto:?subject=Auto-Quarantine Phishing Threats with Cortex XSOAR and Cofense Vision)  
Link copied  
By [Mike Saurbaugh](https://www.paloaltonetworks.com/blog/author/mike-saurbaugh/?ts=markdown "Posts by Mike Saurbaugh")  
Nov 17, 2022  
3 minutes  
[Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown)  
[Partner Integrations](https://www.paloaltonetworks.com/blog/security-operations/category/partner-integrations/?ts=markdown)  
[Use-Cases](https://www.paloaltonetworks.com/blog/security-operations/category/use-cases/?ts=markdown)  
[Automation Playbooks](https://www.paloaltonetworks.com/blog/tag/automation-playbooks/?ts=markdown)  
[Cofense Vision](https://www.paloaltonetworks.com/blog/tag/cofense-vision/?ts=markdown)  
[Cortex XSOAR](https://www.paloaltonetworks.com/blog/tag/cortex-xsoar/?ts=markdown)  
[Cortex XSOAR Marketplace](https://www.paloaltonetworks.com/blog/tag/cortex-xsoar-marketplace/?ts=markdown)  
[Email Threats](https://www.paloaltonetworks.com/blog/tag/email-threats/?ts=markdown)  
[Partner Integrations](https://www.paloaltonetworks.com/blog/tag/partner-integrations/?ts=markdown)  
[Phishing](https://www.paloaltonetworks.com/blog/tag/phishing/?ts=markdown)  
[Phishing intelligence](https://www.paloaltonetworks.com/blog/tag/phishing-intelligence/?ts=markdown)  
[ransomware](https://www.paloaltonetworks.com/blog/tag/ransomware/?ts=markdown)  
[Security Automation](https://www.paloaltonetworks.com/blog/tag/security-automation/?ts=markdown)  
[security orchestration](https://www.paloaltonetworks.com/blog/tag/security-orchestration/?ts=markdown)  
[SOAR content](https://www.paloaltonetworks.com/blog/tag/soar-content/?ts=markdown)  
[SOAR Innovation](https://www.paloaltonetworks.com/blog/tag/soar-innovation/?ts=markdown)  
[SOC](https://www.paloaltonetworks.com/blog/tag/soc/?ts=markdown)  
[Social Engineering](https://www.paloaltonetworks.com/blog/tag/social-engineering/?ts=markdown)  
[Threat Hunting](https://www.paloaltonetworks.com/blog/tag/threat-hunting/?ts=markdown)

Secure email gateways don't always catch everything, so identifying and quarantining phishing emails that have bypassed that security is crucial to disrupting an attack and preventing a potential breach across the organization. Unfortunately, security teams rarely have the time or resources to fully protect against evolving phishing tactics. Furthermore, the threat of ransomware from phishing hampers the business. These are just some of the many issues organizations of all sizes struggle with daily.

To overcome these threats, Cofense's team of analysts leverage a global network of more than 35 million reporters who identify and report on suspicious emails. Cofense Vision takes advantage of this intel to search and automatically quarantine phishing threats even before they are reported, stopping a malicious attack in its tracks. Cofense's high-fidelity phishing indicators can be consumed in Cortex XSOAR, providing valuable intelligence and context to quickly identify phishing campaigns, allowing SOC teams to take swift action against emerging and active threats.

We are excited to announce the Cofense Vision content pack is now available on the Cortex XSOAR Marketplace! This new content pack provides Cortex XSOAR customers with phishing detection and response by integrating Cofense Vision's phishing search and quarantine into an automated playbook for intelligent email security. Cofense Vision supports complex queries allowing XSOAR customers to find phishing campaigns based on domains, URLs, attachment names and hashes, and other elements frequently found in advanced phishing attacks.

Designed to speed up phishing detection and response, the Cofense Vision content pack can easily be installed with a few clicks. We make it easy for joint customers to leverage this powerful integration to automatically identify and classify phishing campaigns and quarantine email threats right within Cortex XSOAR.

### **Let's take a look at why this is so important for your security program:**

Together, Cofense Vision and Cortex XSOAR enable your security and IT teams to automatically quarantine emails that evade detection. Cofense Vision's intelligent email security solution enables adding custom IOCs, searching for phishing threats, and automatically quarantining threats matching IOCs. Identify and remove threats against credential compromise, ransomware, and malware in seconds.

Shown below, Cofense Vision's content pack enables analysts to run commands and playbooks outside of Cofense Vision's UI to:

* Automate phishing detection and response, matching actionable threat intelligence to discover and stop threats evading defenses.
* Rapidly respond and quarantine email threats lurking in mailboxes and increase resiliency against new attacks with Cofense intelligent email security.
* Automatically identify and classify email threats and demonstrate faster mean time to respond (MTTR).
* Remediate credential theft, ransomware, and malware-based emails waiting to be opened in employees' mailboxes, without involving the email team.
* Enable your threat hunting team with intelligence to find attackers and develop new blocking and remediation plans.

![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2022/11/word-image-90.png)

### **Learn More**

Build out your security program with the [Cofense Vision](https://cortex.marketplace.pan.dev/marketplace/details/CofenseVision) content pack, available now on the Cortex XSOAR Marketplace. Look up pre-built integrations for your top security tools with over [950 content packs](https://www.paloaltonetworks.com/cortex/xsoar-ecosystem) available for Cortex XSOAR, the market's leading SOAR platform.

Don't have Cortex XSOAR? [Download the Community Edition](https://start.paloaltonetworks.com/sign-up-for-community-edition.html) to get started.

Learn more about [Cofense Vision](https://cofense.com/product-services/vision/) and see additional Cofense content packs, [Cofense Intelligence](https://cortex.marketplace.pan.dev/marketplace/details/CofenseIntelligenceV2), [Cofense Triage](https://cortex.marketplace.pan.dev/marketplace/details/CofenseTriage), and [Cofense Feed](https://cortex.marketplace.pan.dev/marketplace/details/FeedCofense/), available on the XSOAR Marketplace.

*** ** * ** ***

## Related Blogs

### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown), [Partner Integrations](https://www.paloaltonetworks.com/blog/security-operations/category/partner-integrations/?ts=markdown), [Use-Cases](https://www.paloaltonetworks.com/blog/security-operations/category/use-cases/?ts=markdown)

[#### Use VMRay Analyzer's Contextual Threat Intelligence for Automated Threat Hunting in Cortex XSOAR](https://www2.paloaltonetworks.com/blog/security-operations/use-vmray-analyzers-contextual-threat-intelligence-for-automated-threat-hunting-in-cortex-xsoar/)

### [Partner Integrations](https://www.paloaltonetworks.com/blog/security-operations/category/partner-integrations/?ts=markdown), [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown)

[#### Enable Next Level Phishing Analysis and Response with Cortex XSOAR and Cofense Triage](https://www2.paloaltonetworks.com/blog/security-operations/cofense-xsoar-marketplace/)

### [Partner Integrations](https://www.paloaltonetworks.com/blog/security-operations/category/partner-integrations/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown)

[#### Automate Email Incident Response with Armorblox in Cortex XSOAR](https://www2.paloaltonetworks.com/blog/security-operations/automate-email-incident-response-with-armorblox-in-cortex-xsoar/)

### [Partner Integrations](https://www.paloaltonetworks.com/blog/security-operations/category/partner-integrations/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown)

[#### Build a Champion SOC with Best in Class Threat Intelligence from VirusTotal and Cortex XSOAR](https://www2.paloaltonetworks.com/blog/security-operations/virustotal-welcome-xsoar-marketplace/)

### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Partner Integrations](https://www.paloaltonetworks.com/blog/security-operations/category/partner-integrations/?ts=markdown)

[#### Titaniam Protect Ransomware Extortion Defense with Cortex XSOAR](https://www2.paloaltonetworks.com/blog/security-operations/titaniam-xsoar-marketplace/)

### [Partner Integrations](https://www.paloaltonetworks.com/blog/security-operations/category/partner-integrations/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown)

[#### Farewell to 2021! A Look Back on the Cortex XSOAR Marketplace](https://www2.paloaltonetworks.com/blog/security-operations/farewell-to-2021-a-look-back-on-the-cortex-xsoar-marketplace/)

### Subscribe to Security Operations Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language