Incident Responder i56 Release Notes
What's New
Incident Responder i56 includes features that support new turnkey playbooks, email notifications for playbook outputs, and new playbook triggers.
New Turnkey Playbooks
Pre-configured playbooks are ready to run for phishing and malware threats.
We launched turnkey playbooks with the Threat Intelligence Reputation Lookup turnkey playbook. Now, you have turnkey playbooks that address phishing and malware threats.
The Phishing turnkey playbook is an extended version of the existing Threat Intelligence Reputation Lookup turnkey playbook. It similarly analyzes and triages suspicious emails, but also gathers data from Advanced Analytics and detonates files in a sandbox if the email is considered malicious.
The Malware turnkey playbook helps you analyze, triage, and detonate suspicious files that may be potential malware. Depending on the reputation of the file entities and their related hashes, it changes the incident's priority and comments on the incident.
Exabeam Documentation: Phishing Turnkey Playbook
Exabeam Documentation: Malware Turnkey Playbook
Get Notified about Playbook Outputs
Use the Notify by Email Exabeam action to get notified by email about your playbook outputs.
When used in a playbook, the new Notify by Email action sends you an email notifying you about a playbook's outputs. While you can manually run the action on its own, it was designed to be used only as a playbook action node.
When you configure the action, you must select an email template, which determines the email subject line and body. There are two out-of-the-box templates: Phishing email received and Phishing email (benign) received. The Phishing email received template notifies you that the playbook found a malicious phishing email. The Phishing email (benign) received template notifies you that the playbook found an unsolicited spam email. Modify these templates or create ones that better suit your playbooks.
Exabeam Documentation: Create an Email Template for the Notify by Email Action
New Playbook Triggers
Automatically run playbooks under more scenarios with three new playbook triggers.
Previously, you could automatically run playbooks using three triggers: incident created, status changed, and priority changed. We added three more triggers so you can automatically run playbooks under more scenarios: queue changed, assignee changed, and incident type changed.
Exabeam Documentation: Playbook Triggers
Exabeam Documentation: Create a Playbook Trigger