- Incident Responder Release Notes
- Get Started with Incident Responder
- Configure Incident Responder Settings
- Core Settings
- Analytics Settings
- Configure Services
- Prerequisites for Configuring Incident Responder Microsoft Services with OAuth2.0 Authentication
- Configure the Amazon Elastic Compute Cloud (EC2) Service
- Configure the Anomali ThreatStream API Service
- Configure the Atlassian Jira Service
- Configure the BMC Remedy Service
- Configure the Check Point Firewall Service
- Configure the Cisco AMP for Endpoints Service
- Configure the Cisco Services Engine (ISE) Service
- Configure the Cisco Threat Grid Service
- Configure the Cisco Umbrella Enforcement Service
- Configure the Cisco Umbrella Investigate Service
- Configure the CrowdStrike Falcon Host API Service Service
- Configure the CrowdStrike Falcon Host API Service Service
- Configure the CyberArk Service
- Configure the Cylance Protect Service
- Configure the Exabeam Advanced Analytics Service
- Configure the Exabeam Cloud Search Service
- Configure the Exabeam DL Service
- Configure the FireEye HX Service
- Configure the Fortinet Service
- Configure the Google Gmail Service
- Configure the IntSights Cyber Intelligence Ltd. Service
- Configure the IRNotificationSMTPService Service
- Configure the Microsoft Active Directory (AD) (Latest) Service
- Configure the Microsoft Exchange Service
- Configure the Microsoft Outlook Office 365 Service
- Configure the Microsoft Windows Defender ATP Service
- Configure the Microsoft Windows Management Instrumentation Service
- Configure the Netskope Service
- Configure the Okta Service
- Configure the Palo Alto Networks Firewall Service
- Configure the Palo Alto Networks Wildfire Service
- Configure the Rapid7 insightVM Service
- Configure the SentinelOne Service
- Configure the SentinelOneV2 Service
- Configure the Service Now Service
- Configure the Slack Service
- Configure the SlashNext Service
- Configure the Splunk Service
- Configure the ThreatConnect API Service
- Configure the Urlscan.io API Service
- Configure the VirusTotal Service
- Configure the Zscaler Service
- Test a Service
- Edit a Service
- Disable a Service
- Upload a Custom Service
- Delete a Custom Service
- Create an Email Template for the Notify by Email Action
- Respond to Security Incidents
What's New
What's New in i63
Exabeam Cloud Search Service From Incident Responder
From Incident Responder, you can now search logs and run queries using the cloud-native Search application on the Exabeam Security Operations Platform. The Exabeam Cloud Search service is available in Incident Responder i62.5 and later and i63.6 and later.
What's New in i62
Turnkey Playbooks for Fusion Licenses
Note
We updated the release notes to include information about the availability of Incident Responder turnkey playbooks.
If you have a Fusion license, you can run turnkey playbooks even if you don't have Incident Responder.
To migrate a legacy license to a Fusion license, you must have Data Lake i40.4 and Advanced Analytics version i62.2. After you upgrade to these versions, Exabeam schedules your migration. To request that Exabeam prioritize your migration, contact your Exabeam representative or open a support case on the Exabeam Community.
To unlock additional features, like editing playbooks, creating and running custom playbooks, and integrating third-party services, you must have an Incident Responder add-on. To request the add-on, contact your Exabeam representative or open a support case on the Exabeam Community.
Exabeam Cloud Search Service From Incident Responder
From Incident Responder, you can now search logs and run queries using the cloud-native Search application on the Exabeam Security Operations Platform. The Exabeam Cloud Search service is available in Incident Responder i62.5 and later and i63.6 and later.
What's New in i61
This release does not include new features for Incident Responder.
What's New in i60
This release does not include new features for Incident Responder.
What's New in i59
This release does not include new features for Incident Responder.
What's New in i58
New Turnkey Playbooks for Behavior Analytics Incidents
Pre-configured playbooks for classifying and enriching Behavior Analytics incidents are ready for you to run.
When an Advanced Analytics user or asset session becomes notable, Case Manager automatically creates an incident with the Behavior Analytics incident type.
The Automated Incident Classification turnkey playbook analyzes the notable session to accurately classify the incident's type, helping you make sense of all the evidence in Advanced Analytics and quickly diagnose what threat you're investigating. It's important that incidents have the correct incident type so you standardize the evidence you collect and define tasks for investigating, containing, and remediating the incident.
The Automated Incident Enrichment turnkey playbook gathers critical information from the Advanced Analytics session and populates the Case Manager incident with additional contextual or evidence you need to investigate the incident.
Exabeam Documentation: Automated Incident Classification Turnkey Playbook
Exabeam Documentation: Automated Incident Enrichment Turnkey Playbook
What's New in i57
This release does not include new features for Incident Responder.