Manually Send Case or Alert Information to Email
Manually send an email containing case or alert information directly from the case or alert to people who can't access Threat Center.
Email people who can't access Threat Center, like non-SOC staff in your organization, to exchange questions, instructions, and feedback about an investigation.
The email contains:
- The person or playbook that sent the email
- The case or alert ID
- The date and time the case or alert was last updated
- The field by which related detections are grouped
- The case or alert URL
- A summary of the case or alert, including the number of related detections, triggered rules, MITRE ATT&CK® tactics and techniques, users, endpoints; and the case or alert risk score[8]
- A more detailed summary of the case or alert, including a list of related users, endpoints, tags, ATT&CK tactics and techniques, Exabeam use cases; the case or alert severity; and, for cases, the case stage, the case closed reason if the case stage is Closed, queue, and assignee
- The entire threat timeline
To send case or alert information by email automatically, under the specific situations and conditions you specify, create an Automation Management playbook that includes the action Send all threat details via email.
1. In a case or alert, click Automations, then select Send email.
2. Select or enter the email addresses to which you'll send case or alert information.
3. Click Send. This action is recorded in the case or alert history.
[8] MITRE ATT&CK and ATT&CK are trademarks of The MITRE Corporation ("MITRE"). Exabeam is not affiliated with or sponsored or endorsed by MITRE. Nothing herein is a representation of the views or opinions of MITRE or its personnel.