- Case Manager i56 Release Notes
- What's New
- Known Issues
- Issues Fixed in Case Manager i56.5 (General Availability)
- Issues Fixed in Case Manager i56.6
- Issues Fixed in Case Manager i56.7
- Issues Fixed in Case Manager i56.8
- Issues Fixed in Case Manager i56.9
- Issues Fixed in Case Manager i56.10
- Issues Fixed in Case Manager i56.11
- Issues Fixed in Case Manager i56.12
- Get Started with Case Manager
- Configure Case Manager Settings
- Investigate a Security Incident
- Manually Create an Incident
- Edit an Incident
- Delete an Incident
- Manually Assign an Incident to a Queue, Assignee, Priority, or Status
- Manually Add an Entity
- Manually Add an Artifact
- Delete an Entity or Artifact
- Add Advanced Analytics Evidence to a Case Manager Incident
- Manage Tasks During an Investigation
- Send Messages from an Incident
- Filter Incidents
- Search for an Incident
- Sort Incidents
- Export Incidents
Email Ingest
Ingest suspicious emails and investigate phishing incidents using Email Ingest.
Case Manager Email Ingest creates incidents from potential phishing emails. It ingests suspicious emails from a designated phishing mailbox, parses relevant fields, creates an incident, then deletes the email from the inbox. Configure Email Ingest in your settings.
Configure Email Ingest
Link Case Manager to your phishing inbox to forward suspicious emails to Case Manager and ingest suspicious emails.
A dedicated phishing inbox that Case Manager has access to. No one should delete, move, or otherwise touch the emails in this inbox. The mailbox cannot be a shared mailbox or subfolder. You can't use the same email account you use for incident email.
Credentials for the phishing inbox. The account and credentials must have read and write access to the entire mailbox.
Connection to IMAP, POP3, or Exchange.
Protocol
Port
IMAP
143
IMAP + SSL
993
POP3
110
POP3 + SSL
995
Exchange
443
If you use Microsoft Exchange Online with OAuth2.0 modern authentication, ensure that you complete specific prerequisites.
Note
For cloud-delivered deployments, only port 443 is open. To open other ports, contact your Technical Account Manager.
Ensure that emails aren't encrypted and attachments are in EML format. MSG files are not yet supported.
In the navigation bar, click the menu
, select Settings, then select Core.Under INCIDENT INGESTION, select Email Ingest.
Enter information about your email connection:
Host/Server – A mail server or host; for example, outlook.office365.com
Username – An assigned username. For IMAP, enter the email address. For Exchange, enter [domain]\[username]
Email address – The email address where emails are sent. This can't be a shared email.
Password – The password for the username you previously entered.
Protocol – The email protocol used to connect to your mail server: IMAP, POP3, Exchange. Select the box if your email provider supports Secure Sockets Layer (SSL). If you select Exchange:
Exchange version – Select your version of Microsoft Exchange:
Microsoft Exchange 2007, Service Pack 1
Microsoft Exchange 2010
Microsoft Exchange 2010, Service Pack 1
Microsoft Exchange 2010, Service Pack 2
Other Exchange Version
Authentication type – Select the protocol used to authenticate to your Exchange host: BASIC, NTLM, or OAUTH2.0.
If you select OAUTH2.0:
Client ID – Enter your Exabeam Microsoft Application (client) ID.
Client secret – Enter your Exabeam Microsoft Application client secret.
Tenant ID – Enter your Microsoft Azure AD tenant ID.
National cloud – If you have a national cloud deployment of Microsoft Azure, select your national cloud: China, Germany, or USGovernment. If you don't have a national cloud deployment, select Global.
Port – The port number your mail host or server uses.
Log level – Case Manager generates logs about your system activity that Customer Success uses to debug problems in your system. Select how detailed these log are: low or verbose. To conserve disk space, it's best to select low. If you have problems with your system, Customer Success may direct you to change log level to verbose.
Folder – Which account folder you're pulling emails from. The default folder is Inbox.
Click SAVE.
To start ingesting emails, click START.
By default, Case Manager ingests emails starting from today. To ingest emails starting from a different date, click Select a different date, then select a date in the calendar.
Restart Email Ingest
If email ingest isn't working, restart it to troubleshoot the issue.
In the navigation bar, click the menu
, select Settings, then select Analytics.Under Case Management, select Incident Configuration.
Select the EMAIL INGEST tab.
Hover over an email server, then click edit
.Click Start.
If email ingest starts successfully, the server appears in the list of email feeds with a Running status.