Incident ResponderRespond to Security Incidents

Turnkey Playbooks

Fully pre-configured turnkey playbooks are ready to run out of the box.

Turnkey playbooks are pre-configured playbooks that are ready for you to run, without having to purchase additional services to get the actions you need.Playbooks

They are listed along other playbooks you created on the PLAYBOOKS page. Like a playbook you created yourself, you can run them manually or automatically with a playbook trigger.Playbook Triggers

These playbooks leverage an in-house service, Exabeam Actions, that is available out-of-the-box and free to use. The service supports basic actions, including:Exabeam Actions

To customize a turnkey playbook, you can also use it as a template.

Threat Intelligence Reputation Lookup Turnkey Playbook

Learn about the Threat Intelligence Reputation Lookup turnkey playbook and how it works.

The Threat Intelligence Reputation Lookup turnkey playbook helps you analyze and triage suspicious emails, like potential spam and phishing emails. It changes a Case Manager incident's priority based on the reputation of an email entity and its artifacts.Entity TypesArtifact Types

First, the playbook assesses the reputation of the incident's entities and artifacts, including:

  • Files attached to the email

  • IP addresses

  • Domains of any URLs in the email body

  • Domain of the sender's email address

If the playbook finds any IP addresses with a malicious reputation, it searches for other incidents that has the same IP address entity or artifact. View the output in the incident's workbench.The Workbench

If any entity or artifact has a malicious reputation, the playbook escalates the incident's priority to critical. If none of the artifacts have a malicious reputation, the playbook de-escalates the incident's priority to low.