- Incident Responder i56 Release Notes
- What's New
- Known Issues
- Issues Fixed in Incident Responder i56.5 (General Availability)
- Issues Fixed in Incident Responder i56.6
- Issues Fixed in Incident Responder i56.7
- Issues Fixed in Incident Responder i56.8
- Issues Fixed in Incident Responder i56.9
- Issues Fixed in Incident Responder i56.10
- Issues Fixed in Incident Responder i56.11
- Issues Fixed in Incident Responder i56.12
- Issues Fixed in Incident Responder i56.13
- Issues Fixed in Incident Responder i56.14
- Get Started with Incident Responder
- Configure Incident Responder Settings
- Core Settings
- Analytics Settings
- Configure Services
- Prerequisites for Configuring Incident Responder Microsoft Services with OAuth2.0 Authentication
- Configure the Amazon Elastic Compute Cloud (EC2) Service
- Configure the Anomali ThreatStream API Service
- Configure the Atlassian Jira Service
- Configure the BMC Remedy Service
- Configure the Check Point Firewall Service
- Configure the Cisco AMP for Endpoints Service
- Configure the Cisco Services Engine (ISE) Service
- Configure the Cisco Threat Grid Service
- Configure the Cisco Umbrella Enforcement Service
- Configure the Cisco Umbrella Investigate Service
- Configure the CrowdStrike Falcon Host API Service Service
- Configure the CyberArk Service
- Configure the Cylance Protect Service
- Configure the Exabeam Advanced Analytics Service
- Configure the Exabeam DL Service
- Configure the FireEye HX Service
- Configure the Fortinet Service
- Configure the Google Gmail Service
- Configure the IntSights Cyber Intelligence Ltd. Service
- Configure the IRNotificationSMTPService Service
- Configure the Microsoft Active Directory (AD) (Latest) Service
- Configure the Microsoft Exchange Service
- Configure the Microsoft Outlook Office 365 Service
- Configure the Microsoft Windows Defender ATP Service
- Configure the Microsoft Windows Management Instrumentation Service
- Configure the Netskope Service
- Configure the Okta Service
- Configure the Palo Alto Networks Firewall Service
- Configure the Palo Alto Networks Wildfire Service
- Configure the Rapid7 insightVM Service
- Configure the SentinelOne Service
- Configure the SentinelOneV2 Service
- Configure the Service Now Service
- Configure the Slack Service
- Configure the SlashNext Service
- Configure the Splunk Service
- Configure the ThreatConnect API Service
- Configure the Urlscan.io API Service
- Configure the VirusTotal Service
- Configure the Zscaler Service
- Test a Service
- Edit a Service
- Disable a Service
- Upload a Custom Service
- Delete a Custom Service
- Create an Email Template for the Notify by Email Action
- Respond to Security Incidents
PrevNext
Incident Responder Actions
Call a third-party service and gather data points manually or automatically using actions.
An action is an API call to a service that gathers specific data points about an indicator of compromise (IOC) in an incident; for example, it can find the reputation of an IP address artifact. It is a Python script that you can edit or create on your own. You execute them manually, or automatically using a playbook. There are out-of-the-box actions, or you integrate Incident Responder with a service to run others.