- Case Manager Release Notes
- Get Started with Case Manager
- Configure Case Manager Settings
- Investigate a Security Incident
- Manually Create an Incident
- Edit an Incident
- Delete an Incident
- Manually Add an Entity
- Manually Add an Artifact
- Delete an Entity or Artifact
- Add Advanced Analytics Evidence to a Case Manager Incident
- Manage Tasks During an Investigation
- Send Messages from an Incident
- Filter Incidents
- Search for an Incident
- Sort Incidents
- Export Incidents
Configure Incident Email Communication
Link Case Manager to an email account to send incident emails directly from an incident.
You can't use the same account you configured for email ingest.
An email account from which users send and receive Case Manager-related messages (for example, [email protected]). The mailbox cannot be a shared mailbox or a subfolder. You can't use the same email account you use for email ingest.
Credentials for the email inbox. The account credentials must have read and write access to the entire mailbox.
IMAP connectivity.
Protocol
Port Number
IMAP
143
IMAP + SSL
993
If you use Microsoft Exchange Online with OAuth2.0 modern authentication, ensure that you complete specific prerequisites.
Ensure that emails aren't encrypted and attachments are in EML format. MSG files are not yet supported.
In the sidebar, click SETTINGS
, then select Core.Under INCIDENT INGESTION, select 2-Way Email.
Enter information about your email account, inbound connection, and outbound connection:
Username – Enter the username for the mail server. This may be an email address.
Password – Enter the password for the mail server.
Email address – Enter the email address on the mail server.
Folder – Enter the name of the folder from which emails are ingested.
Inbound
Inbound host/server – Enter the name of the inbound mail server.
Inbound protocol – Select the mail protocol used to receive emails.
Inbound port – Enter the inbound protocol port number.
Outbound
Outbound host/server – Enter the name of the outbound mail server.
Outbound protocol – Select the mail protocol used to send emails.
Outbound port – Enter the outbound protocol port number.
Exchange protocol – Select the box if you use Microsoft Exchange Online.
If you selected the Exchange Protocol box, enter additional information about your Microsoft Exchange Online account and connection:
Exchange host – Enter the host name of your Microsoft Exchange server.
SSL – Select the box if you installed a Secure Sockets Layer (SSL) certificate on your Microsoft Exchange server.
Exchange port – Enter the port number your Microsoft Exchange host uses.
Authentication type – Select the protocol used to authenticate to your Exchange host: BASIC, NTLM, or OAUTH2.0.
Exchange version – Select your version of Microsoft Exchange:
Microsoft Exchange 2007, Service Pack 1
Microsoft Exchange 2010
Microsoft Exchange 2010, Service Pack 1
Microsoft Exchange 2010, Service Pack 2
Other Exchange Version
Log level – Case Manager generates logs about your system activity that Customer Success uses to debug problems in your system. Select how detailed these log are: low or verbose. To conserve disk space, it's best to select low. If you have problems with your system, Customer Success may direct you to change log level to verbose.
If you selected OAUTH2.0 as your Authentication type, enter additional information about the application you registered on Microsoft:
Client ID – Enter your Exabeam Microsoft Application (client) ID.
Client secret – Enter your Exabeam Microsoft Application client secret.
Tenant ID – Enter your Microsoft Azure AD tenant ID.
National cloud – If you have a national cloud deployment of Microsoft Azure, select your national cloud: China, Germany, or USGovernment. If you don't have a national cloud deployment, select Global.
To validate the inbound and outbound connection to your mail server, click TEST INBOUND and TEST OUTBOUND. If you see Failed to test Service connectivity, verify that you entered the correct email account, inbound connection, and outbound connection information.
Click SAVE.
Log in to the Microsoft account you use for email ingest. When asked whether to Stay signed in? it doesn't matter whether you select yes or no. The credentials aren't saved in your cache, and you are asked every time you configure email ingest.
To enable the email route, click START.
The email route appears in the EMAIL FEEDS list with a RUNNING status.