- Incident Responder i56 Release Notes
- What's New
- Known Issues
- Issues Fixed in Incident Responder i56.5 (General Availability)
- Issues Fixed in Incident Responder i56.6
- Issues Fixed in Incident Responder i56.7
- Issues Fixed in Incident Responder i56.8
- Issues Fixed in Incident Responder i56.9
- Issues Fixed in Incident Responder i56.10
- Issues Fixed in Incident Responder i56.11
- Issues Fixed in Incident Responder i56.12
- Issues Fixed in Incident Responder i56.13
- Issues Fixed in Incident Responder i56.14
- Get Started with Incident Responder
- Configure Incident Responder Settings
- Core Settings
- Analytics Settings
- Configure Services
- Prerequisites for Configuring Incident Responder Microsoft Services with OAuth2.0 Authentication
- Configure the Amazon Elastic Compute Cloud (EC2) Service
- Configure the Anomali ThreatStream API Service
- Configure the Atlassian Jira Service
- Configure the BMC Remedy Service
- Configure the Check Point Firewall Service
- Configure the Cisco AMP for Endpoints Service
- Configure the Cisco Services Engine (ISE) Service
- Configure the Cisco Threat Grid Service
- Configure the Cisco Umbrella Enforcement Service
- Configure the Cisco Umbrella Investigate Service
- Configure the CrowdStrike Falcon Host API Service Service
- Configure the CyberArk Service
- Configure the Cylance Protect Service
- Configure the Exabeam Advanced Analytics Service
- Configure the Exabeam DL Service
- Configure the FireEye HX Service
- Configure the Fortinet Service
- Configure the Google Gmail Service
- Configure the IntSights Cyber Intelligence Ltd. Service
- Configure the IRNotificationSMTPService Service
- Configure the Microsoft Active Directory (AD) (Latest) Service
- Configure the Microsoft Exchange Service
- Configure the Microsoft Outlook Office 365 Service
- Configure the Microsoft Windows Defender ATP Service
- Configure the Microsoft Windows Management Instrumentation Service
- Configure the Netskope Service
- Configure the Okta Service
- Configure the Palo Alto Networks Firewall Service
- Configure the Palo Alto Networks Wildfire Service
- Configure the Rapid7 insightVM Service
- Configure the SentinelOne Service
- Configure the SentinelOneV2 Service
- Configure the Service Now Service
- Configure the Slack Service
- Configure the SlashNext Service
- Configure the Splunk Service
- Configure the ThreatConnect API Service
- Configure the Urlscan.io API Service
- Configure the VirusTotal Service
- Configure the Zscaler Service
- Test a Service
- Edit a Service
- Disable a Service
- Upload a Custom Service
- Delete a Custom Service
- Create an Email Template for the Notify by Email Action
- Respond to Security Incidents
Respond to Security Incidents
Use Incident Responder to respond to security incidents. Run pre-configured turnkey playbooks that are ready out of the box. Create you own custom playbook that fits your specific needs and consider using templates to get started quickly. Run playbooks automatically using triggers or manually from an incident's workbench.
Fully pre-configured turnkey playbooks are ready to run out of the box.
Create a playbook to automate your workflow, and respond more quickly and efficiently to attacks.
If you don't want to create a playbook from scratch, use a template. These templates come out-of-the-box or you can import your own from an existing playbook.
For a playbook to run automatically, define which circumstances and conditions trigger the playbook. You define a playbook trigger from the PLAYBOOKS page, or when you create or edit a playbook.
Instead of automating an action using a playbook, run an action manually on an incident from its workbench.
Instead of triggering a playbook with a certain scenario, run a playbook manually on a specific incident from its workbench.
Clear an Incident's Playbook and Action Outputs
In the workbench, the outputs of all the playbook and actions you've ever run accumulate so it's hard to tell what's most recent. Clean up your workbench and only display the latest results.