- Add Case Manager and Incident Responder to Advanced Analytics Disaster Recovery
- Configure a Proxy
- Prerequisites for Configuring Microsoft Exchange Online with OAuth2.0 Authentication
- Ingest Data into Case Manager
- Configure Incident Email
- Customize Incidents
- Incident Types
- Customize the Layout of an Incident Type
- Exabeam Phases
- Exabeam Tasks
Configure Incident Email
Link Case Manager to an email account to send incident emails directly from an incident.
You can't use the same account
An email account from which users send and receive Case Manager-related messages (for example, firstname.lastname@example.org). The mailbox cannot be a shared mailbox or a subfolder. You can't use the same email account you use for email ingest.
Credentials for the email inbox. The account credentials must have read and write access to the entire mailbox.
IMAP + SSL
If you use Microsoft Exchange Online with OAuth2.0 modern authentication, ensure that you complete specific prerequisites.
Ensure that emails aren't encrypted and attachments are in EML format. MSG files are not yet supported.
In the navigation bar, click the menu , select Settings, then select Core.
Under INCIDENT INGESTION, select 2-Way Email.
Enter information about your email account, inbound connection, and outbound connection:
Username – Enter the username for the mail server. This may be an email address.
Password – Enter the password for the mail server.
Email address – Enter the email address on the mail server.
Folder – Enter the name of the folder from which emails are ingested.
Inbound host/server – Enter the name of the inbound mail server.
Inbound protocol – Select the mail protocol used to receive emails.
Inbound port – Enter the inbound protocol port number.
Outbound host/server – Enter the name of the outbound mail server.
Outbound protocol – Select the mail protocol used to send emails.
Outbound port – Enter the outbound protocol port number.
Exchange protocol – Select the box if you use Microsoft Exchange Online.
If you selected the Exchange Protocol box, enter additional information about your Microsoft Exchange Online account and connection:
Exchange host – Enter the host name of your Microsoft Exchange server.
SSL – Select the box if you installed a Secure Sockets Layer (SSL) certificate on your Microsoft Exchange server.
Exchange port – Enter the port number your Microsoft Exchange host uses.
Authentication type – Select the protocol used to authenticate to your Exchange host: BASIC, NTLM, or OAUTH2.0.
Exchange version – Select your version of Microsoft Exchange:
Microsoft Exchange 2007, Service Pack 1
Microsoft Exchange 2010
Microsoft Exchange 2010, Service Pack 1
Microsoft Exchange 2010, Service Pack 2
Other Exchange Version
Log level – Case Manager generates logs about your system activity that Customer Success uses to debug problems in your system. Select how detailed these log are: low or verbose. To conserve disk space, it's best to select low. If you have problems with your system, Customer Success may direct you to change log level to verbose.
If you selected OAUTH2.0 as your Authentication type, enter additional information about the application you registered on Microsoft:
Client ID – Enter your Exabeam Microsoft Application (client) ID.
Client secret – Enter your Exabeam Microsoft Application client secret.
Tenant ID – Enter your Microsoft Azure AD tenant ID.
National cloud – If you have a national cloud deployment of Microsoft Azure, select your national cloud: China, Germany, or USGovernment. If you don't have a national cloud deployment, select Global.
To validate the inbound and outbound connection to your mail server, click TEST INBOUND and TEST OUTBOUND. If you see Failed to test Service connectivity, verify that you entered the correct email account, inbound connection, and outbound connection information.
To enable the email route, click START.
The email route appears in the EMAIL FEEDS list with a RUNNING status.