Exabeam Incident Responder Release Notes

What's New

Use Advanced Analytics, Case Manager, and Incident Responder in Japanese

We're introducing localized versions of Exabeam products, starting with Japanese.

Advanced Analytics, Case Manager, and Incident Responder are available in Japanese! To switch your product language, head to the Menu > Select Language.

The Advanced Analytics Home page in Japanese.

We also introduced a new date format, ISO-slash (YYYY/MM/DD), slightly modified from the existing ISO format (YYYY-MM-DD), so you can display dates exactly how you like. Configure your system to change your dates to any of these formats (see Change Date and Time Formats).

Exabeam Documentation: Change Language in Advanced Analytics, Case Manager, and Incident Responder

Exabeam Documentation: Supported Date and Time Formats

Filter Inputs With Filter Nodes

All the data you want, without the ones you don't — filter nodes have arrived.

You use a filter node to filter out a subset of the input source, based on conditions you specify when you configure the node. The filter node outputs the remaining subset and passes it on to the next node. The next node only evaluates this remaining subset. For example, you can use a filter node to remove:

  • Normal domains, so the next node evaluates malicious domains only.

  • Allow listed URLs, so the next node evaluates block listed URLs only.

  • Email attachments with a risk score below 90, so the next node evaluates attachments with a risk score above 90 only.

  • IP addresses from other countries, so the next node evaluates IP addresses from a specific country only.

A filter node differs from a decision node in that it evaluates multiple values, whereas you use a decision node to evaluate a single value.

Exabeam Documentation: Add a Filter Node

Exabeam Documentation: Add a Node

Exabeam Documentation: Create a Playbook

Improved Process for Uploading Custom Services

We improved the process to upload a custom service to Incident Responder.

If you created your own service or customized an existing one that comes out of the box, you can upload it to Incident Responder to run custom actions and use it in playbooks.

Now, this process is easier than ever. You upload a ZIP file that contains all the relevant files. We warn you if this affects any playbooks. If the custom service modifies an existing service, the custom service overrides the existing service and becomes the default. If you delete the service, we do the same—we warn you if it affects any playbooks, and the out-of-the-box service returns to being the default.

Exabeam Documentation: Upload a Custom Service

Exabeam Documentation: Delete a Custom Service

Introducing Turnkey Playbooks

It hasn't been easy to get started using playbooks. You had to purchase third-party services to get all the actions you need, then debug various issues when you configured those services. No fear; turnkey playbooks are here.

Turnkey playbooks are pre-configured, out-of-the-box playbooks that are ready for you to run, without having to purchase additional services to get the actions you need.

They are listed alongside the other playbooks you created on the PLAYBOOKS page. Like a playbook you created yourself, you can run them manually or using a playbook trigger.

You can also use a turnkey playbook as a template and modify it to better suit your needs.

With turnkey playbooks, we also introduce an in-house, free service called Exabeam Actions. It offers basic actions, like getting reputations and detonating files.

We launch turnkey playbooks with the Threat Intelligence Reputation Lookup playbook. It helps you analyze and triage suspicious emails, like potential spam and phishing emails. We will launch additional playbooks in later releases.

Exabeam Documentation: Turnkey Playbooks

Exabeam Documentation: Threat Intelligence Reputation Lookup Turnkey Playbook

Exabeam Documentation: Exabeam Actions Service