Addressed Issues
Incident Responder i63.7
Issue ID | Summary |
---|---|
SOAR-14141 | Fixed an issue with playbook asset sequence search where users experienced long query times and database slowness. With this fix, the default search duration has been reduced to two days, significantly lowering the total number of DB queries per incident. |
SOAR-14119 | Fixed an issue with Slack Service recipient restrictions where customers could not select Message Input and Recipients Input from drop-down boxes, even after configuring the service successfully. The customer was unable to leverage the Service as expected due to this limitation. This issue has been resolved by updating the Slack integration for sending messages to a channel action to reflect the latest changes in the Slack API. |
SOAR-14103 | Fixed an issue with incident rules where the |
SOAR-13987 | Fixed an issue with the Exchange Message Trace Integration where Incident Responder Playbooks failed to connect to Office 365 due to an issue with the Exchange Online API. When this occurred, Incident Responder displayed an |
SOAR-13863 | Fixed an issue with the Fortinet integration where configuring the service required default settings that were not supported. With this fix, you can now specify additional settings, including VDOM (Virtual Domain), port, Firewall Block IP incoming and Outgoing interfaces, allowing you to block IP addresses on FortiGate Firewalls running on non-default management ports, such as |
Also see: |
Incident Responder i63.6
Issue ID | Description |
---|---|
SOAR-13959 | Fixed an issue where if you incorrectly configured email ingest using the OAuth2.0 protocol, the connectivity test stalled in a loading state. Now, if email ingest is not configured correctly, Incident Responder displays a |
Also see: |