Upload a Custom Service
If you created your own service, upload the ZIP file to Incident Responder.
You can manage services only if you're assigned an Incident Responder seat.
You can create and upload two types of custom services: one you develop from scratch, and one that customizes an existing third-party service. If you upload a custom service that customizes an existing third-party service, all related actions and playbooks will start using this custom service.
If you create your own service from scratch, without using Exabeam Action Editor, ensure your ZIP file includes certain components. If you introduce any Python dependencies, you must include any Python modules as Python wheels and a requirements.txt file containing these wheels. Place the requirements.txt file under the python_dep directory.
You can't upload the same custom service more than once. To edit a custom service, delete the service, then upload it again.
In the sidebar, click SETTINGS, then select Core.
Under SERVICE INTEGRATIONS, select Services.
Click Upload service package.
Click UPLOAD PACKAGE, then upload a ZIP file, no more than 10MB. If the custom service changes or removes existing actions, playbooks that use these actions may not run as expected.
Click SUBMIT. The service is added to the list with a Custom label.
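
A pre-upload check for the packaging rules above (the 10MB limit and requirements.txt under python_dep), written as an added example and not Exabeam code. It assumes 10MB means 10 MiB, that each non-comment line of requirements.txt names a wheel file bundled somewhere in the ZIP, and it also flags entry paths that would unpack outside the target directory; the function names and the sample package are constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

MAX_BYTES = 10 * 1024 * 1024  # assumption: the page's "10MB" read as 10 MiB

def build_zip(entries):
    """Build an in-memory ZIP from {name: text}; used for constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, text in entries.items():
            zf.writestr(name, text)
    return buf.getvalue()

def check_service_package(data):
    """Return a list of problems in a custom-service ZIP (empty list = none found)."""
    problems = []
    if len(data) > MAX_BYTES:
        problems.append("archive is %d bytes, over the 10MB limit" % len(data))
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return problems + ["not a valid ZIP file"]
    with zf:
        files = [(n, PurePosixPath(n)) for n in zf.namelist() if not n.endswith("/")]
        for name, p in files:
            # Entries that would land outside the directory the ZIP is unpacked into.
            if p.is_absolute() or ".." in p.parts:
                problems.append("unsafe entry path: %s" % name)
        wheels = {p.name for _, p in files if p.suffix == ".whl"}
        reqs = [(n, p) for n, p in files if p.name == "requirements.txt"]
        if wheels and not reqs:
            problems.append("wheels bundled but no python_dep/requirements.txt")
        for name, p in reqs:
            if p.parent.name != "python_dep":
                problems.append("%s is not under python_dep" % name)
                continue
            for line in zf.read(name).decode("utf-8", "replace").splitlines():
                line = line.strip()
                # Assumption: each non-comment line names a wheel file in the ZIP.
                if line and not line.startswith("#") and PurePosixPath(line).name not in wheels:
                    problems.append("%s lists %s, which is not in the ZIP" % (name, line))
    return problems

# Constructed sample package, not a real service.
SAMPLE = build_zip({
    "python_dep/requirements.txt": "example_dep-1.0-py3-none-any.whl\n",
    "python_dep/example_dep-1.0-py3-none-any.whl": "placeholder",
})
print(check_service_package(SAMPLE) or "no problems found")
```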