- Case Manager Release Notes
- Get Started with Case Manager
- Configure Case Manager Settings
- Investigate a Security Incident
- Manually Create an Incident
- Edit an Incident
- Delete an Incident
- Manually Add an Entity
- Manually Add an Artifact
- Delete an Entity or Artifact
- Add Advanced Analytics Evidence to a Case Manager Incident
- Manage Tasks During an Investigation
- Send Messages from an Incident
- Filter Incidents
- Search for an Incident
- Sort Incidents
- Export Incidents
Prerequisites for Configuring Microsoft Exchange Online with OAuth2.0 Authentication
If your Microsoft Exchange Online account uses OAuth2.0 modern authentication, ensure you complete certain tasks before you configure email ingest and incident email communication.
To integrate Exabeam with Microsoft Azure Active Directory, register an application on the Microsoft identity platform. Since you can't use the same email account for email ingest and incident email communication, you must create a separate application for each account. Under Supported account types, ensure that you select Accounts in this organizational directory only.
Save the client ID for the application you created. You use this client ID later.
Add a client secret and save it. You use this client secret later.
Restrict the application to the emails you use for email ingest and incident email in your Azure AD tenant. Ensure that you also enable Visible to users? settings.
Configure specific Microsoft Graph permissions for your application with the Delegated permission type:
For your email ingest application, configure Mail.Read, POP.AccessAsUser.All, and IMAP.AccessAsUser.All permissions.
For your incident email application, configure Mail.Send and Mail.ReadWrite permissions.
Configure the Office 365 Exchange Online EWS.AccessAsUser.All permission for your application.
Follow the same steps to configure Microsoft Graph permissions, but instead of selecting Microsoft Graph, click the APIs my organization uses tab, select Office 365 Exchange Online, then click Delegated permissions. Under EWS, select the EWS.AccessAsUser.All permission, then click Add permissions.
Configure the Office 365 Exchange Online IMAP.AccessAsApp permission for your application.
Follow the same steps to configure Microsoft Graph permissions, but instead of selecting Microsoft Graph, click the APIs my organization uses tab, select Office 365 Exchange Online, then click Application permissions. Under IMAP, select the IMAP.AccessAsApp permission, then click Add permissions.
Configure the Office 365 Exchange Online POP.AccessAsApp permission for your application.
Follow the same steps to configure Microsoft Graph permissions, but instead of selecting Microsoft Graph, click the APIs my organization uses tab, select Office 365 Exchange Online, then click Application permissions. Under POP, select the POP.AccessAsApp permission, then click Add permissions.
Grant administration consent to the permissions you configured for your application.
Add specific redirect URIs:
For your email ingest application, add https://<domain>/ir/injector/api/injector/listener/provider/init where <domain> is your Exabeam domain.
For your incident email application, add https://<domain>/ir/server/api/email/oauth/token where <domain> is your Exabeam domain.