Prerequisites for Configuring Incident Responder Services

Before you configure an Incident Responder service, ensure you have the correct product versions, have the permissions and credentials you need, and whitelist relevant URLs and ports if you use a proxy.

Prerequisites for Configuring the Amazon Elastic Compute Cloud (EC2) Service

Before you configure Amazon EC2 as an Incident Responder service, ensure you have certain prerequisites.

  • Create and save an Amazon Web Services (AWS) access key. You enter the secret access key and access key ID later.

  • Note the Region code of your AWS Regional endpoint. You enter the Region code later.

  • If you use a proxy, ensure that you whitelist the AWS Regional endpoint.

Prerequisites for Configuring the Cisco Identity Services Engine (ISE) Service

Before you configure Cisco Identity Services Engine (ISE) Service as an Incident Responder service, ensure you have certain prerequisites.

  • You must have Incident Responder i56 or a cloud-delivered deployment.

  • If you use a proxy, ensure that you whitelist the IP address or domain of your Cisco ISE API endpoint.

Prerequisites for Configuring the Fortinet Service

Before you configure Fortinet as an Incident Responder service, ensure you have certain prerequisites.

  • Create a PyFortiAPI firewall object. You use the ipaddr, username, and password later.

  • If you use a proxy, ensure that you whitelist the IP address or domain of your Fortinet API endpoint.

Prerequisites for Configuring the IntSights Cyber Intelligence Ltd. Service

Before you configure IntSights as an Incident Responder service, ensure you have certain prerequisites.

  • Obtain your API account ID from IntSights's Subscription page. For more information, contact IntSights Customer Support.

  • Obtain an API key from IntSights's Subscription page. Since this API key is the same key used to connect to IntSights's virtual appliance and cloud platform, you can reuse a key you previously generated. For more information, contact IntSights Customer Support.

  • If you use a proxy, ensure that you whitelist https://api.intsights.com

Prerequisites for Configuring the Microsoft Active Directory (AD) (Latest) Service

Before you configure Microsoft Azure AD as an Incident Responder service, ensure you have certain prerequisites.

  • If you use a proxy, ensure that you whitelist the IP address of your Microsoft AD endpoint.

Prerequisites for Configuring the Microsoft Outlook Office 365 Service

Before you configure Microsoft Outlook Office 365 as an Incident Responder service, ensure you have certain prerequisites.

  • In the Microsoft Exchange admin center (EAC), ensure you have an admin role group with ApplicationImpersonation and View-Only Recipients permissions.

  • Assign the admin role with ApplicationImpersonation and View-Only Recipients permissions to a Microsoft Outlook Office 365 account that has an active mailbox. You use the email address and password for this account later.

  • If you use a proxy, ensure that you whitelist https://reports.office365.com/

Prerequisites for Configuring the SentinelOne Service

Before you configure SentinelOne as an Incident Responder service, ensure you have certain prerequisites.

  • Generate a SentinelOne API token, then save it. For more information, contact SentinelOne Customer Support.

  • If you use a proxy, ensure that you whitelist the domain for your SentinelOne API endpoint; for example, https://yourcompany.sentinelone.net/

Prerequisites for Configuring the Zscaler Service

Before you configure Zscaler as an Incident Responder service, ensure you have certain prerequisites.

  • On the Zscaler API Key Management page, note the base URL for the cloud service API.

  • On the Zscaler API Key Management page, note your cloud service API key string.

  • If you use a proxy, ensure that you whitelist the base URL for the cloud service API.
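
The proxy prerequisite repeated for each service above can be verified before you start configuring. The following pre-flight check is an added example, not part of the product or its documentation: it sends an HTTP CONNECT for each endpoint to the proxy and reports whether the tunnel is permitted. The function names are hypothetical, and it assumes the proxy accepts plain HTTP CONNECT on the host and port you pass and answers a denied destination with 403.

```python
import socket
import sys
from urllib.parse import urlsplit

# The two fixed URLs named on this page. Append your site-specific endpoints
# (AWS Regional, Cisco ISE, Fortinet, Microsoft AD, SentinelOne, Zscaler).
ENDPOINTS = ["https://api.intsights.com", "https://reports.office365.com/"]


def connect_request(url):
    """Build the CONNECT request a client sends to the proxy for this URL."""
    parts = urlsplit(url)
    port = parts.port or (443 if parts.scheme == "https" else 80)
    target = f"{parts.hostname}:{port}"
    return f"CONNECT {target} HTTP/1.1\r\nHost: {target}\r\n\r\n".encode("ascii")


def classify_reply(raw):
    """Turn the proxy's reply into allowed / blocked / auth-required / error."""
    fields = raw.split(b"\r\n", 1)[0].decode("latin-1").split(" ", 2)
    if len(fields) < 2 or not fields[0].startswith("HTTP/") or not fields[1].isdigit():
        return "error"  # empty or non-HTTP reply, e.g. the proxy closed the socket
    code = int(fields[1])
    if 200 <= code < 300:
        return "allowed"  # tunnel established: the destination is permitted
    if code == 407:
        return "auth-required"  # proxy wants credentials before it decides
    if code == 403:
        return "blocked"  # assumption: the proxy denies unlisted hosts with 403
    return "error"  # 5xx and others: proxy could not reach the destination


def check_endpoints(proxy_host, proxy_port, urls=ENDPOINTS, timeout=5.0):
    """Return {url: verdict} for each endpoint, tested through the proxy."""
    results = {}
    for url in urls:
        try:
            with socket.create_connection((proxy_host, proxy_port), timeout=timeout) as s:
                s.sendall(connect_request(url))
                results[url] = classify_reply(s.recv(4096))
        except OSError:
            results[url] = "proxy-unreachable"
    return results


if __name__ == "__main__":  # usage: python preflight.py <proxy_host> <proxy_port>
    for url, verdict in check_endpoints(sys.argv[1], int(sys.argv[2])).items():
        print(f"{verdict:18} {url}")
```

Run it from the host where Incident Responder runs, so the check takes the same network path the service will use.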