Create an Email Template for the Notify by Email Action
Use templates to customize the emails sent when you run the Notify by email Exabeam action.
In the sidebar, click SETTINGS, then select Analytics.
Under Case Management, select Email Notifications, then select the EMAIL TEMPLATES tab.
Click Add Email Template.
Configure the template settings:
- Template Type – Select Notify by Email Action.
- Template Name – Name the email template. This name is used to identify the template when you manually run the Notify by email action or configure a playbook action node using the Notify by email action.
- Subject – Enter the subject line for the email notification.
In the text box, create the email body using Scalate's Mustache HTML template language.
Under Variable Fields, view all the template variables you can use in the email body. For the Notify by Email Action template type, you can use any variable under both Notify by Email Action Fields and Case Manager Incident Fields.
You can create a more elaborate email with CSS formatting; for example:
```html
<!DOCTYPE html>
<html lang="en">
<head>
  <title>Exabeam Incident Responder</title>
  <style type="text/css">
    body {
      background: #F4F6F8;
      font: 15px arial, sans-serif;
    }
    #sides {
      display: flex;
    }
    #sides_left {
      flex-grow: 1;
      padding-left: 10px;
    }
    #header {
      -webkit-box-shadow: 2px 2px 2px 0px rgba(71,79,88,1);
      -moz-box-shadow: 2px 2px 2px 0px rgba(71,79,88,1);
      box-shadow: 2px 2px 2px 0px rgba(71,79,88,1);
      background: #6ABA4F;
      color: #FFFFFF;
      font: 20px arial, sans-serif;
      width: 800px;
      padding: 10px;
      margin-top: 30px;
      margin-left: auto;
      margin-right: auto;
    }
    #block {
      -webkit-box-shadow: 2px 2px 2px 0px rgba(71,79,88,1);
      -moz-box-shadow: 2px 2px 2px 0px rgba(71,79,88,1);
      box-shadow: 2px 2px 2px 0px rgba(71,79,88,1);
      background: #FFFFFF;
      color: #000000;
      font: 16px arial, sans-serif;
      width: 820px;
      margin-top: 15px;
      margin-left: auto;
      margin-right: auto;
    }
    #block_header {
      width: 800px;
      padding: 10px;
      background: #E9ECF0;
      color: #2B2C34;
      margin-left: auto;
      margin-right: auto;
    }
    #block_body {
      width: 800px;
      background: #FFFFFF;
      color: #2B2C34;
      padding: auto;
      padding-top: 20px;
      padding-bottom: 20px;
      margin-left: auto;
      margin-right: auto;
    }
  </style>
</head>
<body>
  <div id="header">Exabeam Incident Response</div>
  <div id="block">
    <div id="sides">
      <div id="sides_left">
        <div id="block_body">
          Hi,
          <p>Thank you for letting us know - our assessment determined that the email with subject <b>{{input_subject}}</b> received on {{input_incident_date}} is an <b>unsolicited SPAM email</b>. You can safely delete this message. If you no longer wish to receive similar type of messages from the sender in the future - you can block the sender or sender's domain by right clicking the email in Outlook -> Junk -> Block Sender.</p>
          {{#input_description}}
          <p>{{input_description}}</p>
          {{/input_description}}
          {{#signature}}
          <p>Regards,<br>{{signature}}</p>
          {{/signature}}
          {{^signature}}
          <p>Regards,<br>Exabeam IR</p>
          {{/signature}}
        </div>
      </div>
    </div>
  </div>
</body>
</html>
```
You can also create something simpler; for example:
```html
<html>
<head>
</head>
<body>
  <p>Thank you for letting us know - our assessment determined that the email with subject <b>{{input_subject}}</b> received on {{input_incident_date}} is an <b>unsolicited SPAM email</b>. You can safely delete this message. If you no longer wish to receive similar type of messages from the sender in the future - you can block the sender or sender's domain by right clicking the email in Outlook -> Junk -> Block Sender.</p>
</body>
</html>
```
Click SAVE. Now, you can select this template when you configure a playbook action node using the Notify by email action.
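
A pre-save lint for templates like the ones above, as an added example that is not Exabeam's code: it flags Mustache raw-output tags (`{{{name}}}` or `{{&name}}`), which matter here because fields such as `input_subject` carry text from the reported email, along with unknown variables and unbalanced sections. The `ALLOWED` set and the `sender_name` variable are assumptions for illustration; the authoritative list is the one shown under Variable Fields.

```python
import re

# Variables used by this page's sample templates. The full list is shown under
# Variable Fields in the product UI; this set is an assumption for the example.
ALLOWED = {"input_subject", "input_incident_date", "input_description", "signature"}

# {{{name}}} is tried first, then {{name}} with an optional sigil (#, ^, /, &).
TAG = re.compile(r"\{\{\{\s*([\w.]+)\s*\}\}\}|\{\{\s*([#^/&]?)\s*([\w.]+)\s*\}\}")


def lint_template(template, allowed=ALLOWED):
    """Return (kind, name) findings for a Mustache email template."""
    findings, open_sections = [], []
    for m in TAG.finditer(template):
        sigil, name = ("{", m.group(1)) if m.group(1) else (m.group(2), m.group(3))
        if name not in allowed:
            findings.append(("unknown-variable", name))
        if sigil in ("{", "&"):
            # Raw output: the value reaches the email body without HTML escaping.
            findings.append(("unescaped-output", name))
        elif sigil in ("#", "^"):
            open_sections.append(name)
        elif sigil == "/":
            if open_sections and open_sections[-1] == name:
                open_sections.pop()
            else:
                findings.append(("unmatched-close", name))
    findings.extend(("unclosed-section", n) for n in open_sections)
    return findings


# Constructed samples: GOOD mirrors the page's template, BAD has three defects
# (sender_name is a hypothetical variable that is not in ALLOWED).
GOOD = ("<p>Subject <b>{{input_subject}}</b> received on {{input_incident_date}}.</p>"
        "{{#signature}}<p>Regards,<br>{{signature}}</p>{{/signature}}"
        "{{^signature}}<p>Regards,<br>Exabeam IR</p>{{/signature}}")
BAD = ("<p>Subject <b>{{{input_subject}}}</b> from {{sender_name}}</p>"
       "{{#signature}}<p>Regards,<br>{{signature}}</p>")

if __name__ == "__main__":
    print(lint_template(GOOD))
    for finding in lint_template(BAD):
        print(finding)
```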