FAQ (All Modules)
A: Yes, you can create and upload your own training in multiple formats like PowerPoint, HTML5, mp4 or others to the platform. Contact our Team for more information.
A: No, it does not. No one, including our team or Company Admins who manage the platform dashboard, can view the contents of any email.
A: Yes, it is. Many institutions manage the add-in (install, uninstall, enable, disable) with central administration tools, for example, Microsoft SCCM or IBM BigFix.
A: The platform generates a random key that is unique for each customer, then encrypts all reported emails on disk with the AES 256 algorithm.
A: We use “Code Signing with Microsoft Authenticode” to protect tools against hacking attempts. For more information, please .
A: We log all operations in detail and transmit a copy of them to SIEM products in real time. This way, you can observe the behaviour of users, create alerts for abnormal situations and take action, or use the logs at audit time.
A: Yes, there is an automatic investigation feature with which you can detect and remove the suspicious email or any of its variants in any of your users' inboxes, and you can automatically report it.
Yes, if you follow the path Incident Response > Task > New Task on the dashboard, you can send an email notification to both user and system administrators and alternate SOC teams.
A: The operation is run in a maximum of 60 + random seconds. But we can shorten this time.
A: By default, we ask for the file hash; if it has not been scanned before, we send the file itself. If you do not want to send the file under any circumstances, you can prevent this by creating a task in our interface.
A: We analyze the suspicious email by header, body and attachment using our third-party engines integrated into our interface. It is possible to add a new analysis service here.
A: An email address with its password will be enough to start ETS. Therefore, we recommend creating a test account for this service.
Outlook Versions: Outlook 2007/2010/2013/2016
A: Yes, there is an automatic investigation feature with which you can detect and remove the suspicious email or any of its variants in any of your users' inboxes, and you can automatically report it.
A: Yes, all logs are kept under the C:\Users\Public\KeepnetLabs\AuiditLog directory. You can transfer them to ArcSight with your Syslog tool.
A: We can test system resources through stress testing. At the same time, there is a queuing mechanism that we use to prevent the blowout. The mechanism operates by putting the notifications in order.
A: All modules except the add-in work everywhere. The add-in, on the other hand, works with MS Outlook everywhere.
A: Nothing except .NET 2.5 or higher versions.
A: No.
What is the resource utilization of the plugin and incident responder? How will it affect the limited bandwidth?
A: Minimum Computer Specifications:
Outlook Versions: Outlook 2007/2010/2013/2016
CPU Usage: 0% to 5% of CPU
RAM Usage: ~120 MB of RAM
Disk Usage: 3 MB disk space
Network Traffic: payload size + HTTP requests size = Approx. 230 kbps
A: It is an add-in for Microsoft Outlook Desktop and Office 365.
A: It depends on your company policy. If a user has a right to disable it, then the user can disable it. Many organizations handle this process by GPO.
A: The add-in connects to the server through HTTPS (port 443).
A: No, you don't. It will be installed directly.
A: Yes, if it is demanded, Keepnet can share every detail.
A: A new .msi file shared by Keepnet.
A: Please contact the Keepnet team to get an on-premise requirements document.
A: We support MS SQL 2016. Therefore, it won't affect us.
A: ISO 27001 audit report as well as pentest reports.
A: We do all queuing services with RabbitMQ for now. We don't have any other application support. If you can share with us the applications that are used and supported by your organization, we will add them to our support list for the future.
A: Yes, we can use the instance allocated from the corporate MSSQL database to us.
A: No, it does not. The owner will be enough.
A: We have Proxy support for accessing the services on the Internet. By configuring the Proxy on the interface, you can manage all Internet traffic of Keepnet.
A:
- Active: The user actively uses the phishing reporter add-in.
- Passive: The user doesn't use the phishing reporter add-in.
A: The Company API Key and OAuth value are valid as long as the company is active in our system.
There are no character or case-sensitivity issues.
A: Keepnet uses 1028 bit AES encryption to encrypt attached files and store them on the disk.
The system relies on AD integration; therefore, if the user is still active on the AD, they will also be active in the target group.
The system automatically deletes the user from the related target group on the platform if the user is deleted from AD. Also, for future reference, the system adds deleted or disabled users to the "Deleted/Disabled Users" group.
A: The IP addresses are dedicated to the platform, and the domains are owned by us. Customers do share the resources; however, they cannot send emails to other customers from their instance of Keepnet. If they tried, it would be blocked.
A: Technically, yes, but these IP addresses are only used for phishing simulation or sending the training, and it is under your control; plus, we have security controls and mitigation on our side as well. Without whitelisting, you will very likely experience deliverability issues as your email security should identify our emails as phishing and block them - obviously, using the platform is not a malicious act, but your security systems will not know this without being told to 'whitelist' or allow this sender in. However, if you are concerned about this, you can use your own SMTP server - it's easy to configure this; please just let us know.
A: Only you can send emails from these IP addresses to your own users, as explained above. If someone tried to use their instance of Keepnet to send phishing emails to your (or anyone else's) users, the Keepnet system would block this action.
Keepnet Labs undertakes the database management for cloud solutions. The cloud database environment is stored in London. However, there are also some local centres, which vary according to regulations. For more information, send your email to contact@keepnetlabs.com.
In the on-premise version, IP information is available in the customer's own environment and varies according to the environment in which it is located. However, in the cloud version, IP information is not shared under any circumstances.
A: The only privileged user is root@keepnetlabs.com. However, it is only used by the support team for support purposes. All activities of this account are recorded on the system.
A: Although IP restriction is not used by default, it can be configured on-demand. There is no log-on trigger feature in the current interface, but in the new interface, companies are able to activate this feature.
Yes, it is used only when necessary.
There is only one privileged user; no other privileged user is created.
A: Yes, we do.
A: We do not share privileged user information with any customer. Since all license definitions, company information, and application configurations are performed through this account, the account is highly restricted.
A: Keepnet is not an email gateway technology like Mimecast, ForcePoint, Avanan or Cisco Ironport and does not compete with them.
Keepnet Labs does not scan all emails that pass in and out of the organisation, applying rules and blocking known-bad messages; an email gateway does that, and it is an important solution that we would recommend having as part of your email defence.
Keepnet Labs' Incident Responder module, for instance, is a complementary product and helps to secure your business when a malicious email bypasses an email gateway, like Mimecast, Proofpoint, Barracuda, etc. Many companies use our IR module's capability to technically analyse these suspicious emails that bypass the email gateway against 60+ integrated products, then investigate all inboxes and remove the threat before it damages the organization. Rules can then be updated on the email gateway (e.g. Mimecast) in order to block this attack in the future. This is all part of a layered defence against email-based attacks.
A: Yes, it is possible to integrate any solution. Currently, we have many platforms like DNS Firewall, Sandbox, exploitation tools and platforms. Please contact us for more information from .
A: Yes, it does. MSSQL Express version comes as default in on-premise solutions. However, according to the customer's request, their own MSSQL database can be used. MSSQL Express is self-administered in the client's local network. For detailed information on database storage conditions, see: