Old UI
  • Documentation Platform
    • Technical Guide
      • Whitelisting
        • Whitelisting the Pictures on Microsoft Outlook Apps
      • Minimum Requirements
      • On-Premise Requirements
        • Restricting the Access to Portal According IP
          • How to Import SSL Certificates in IIS
        • Why does the disk on the server fill up fast?
      • Getting Started
      • Phishing Simulator
      • Awareness Educator
      • Incident Responder
        • How does investigation mechanism work?
          • Benefits of Phishing Incident Responder
          • Reverse Engineering Support
          • Privacy and Security
          • Audit
          • Integrations
        • API Settings
          • Configuration steps for Office 365: Microsoft Graph App Configuration
          • Exchange Mail Configuration
          • GSuite API Configuration Guide
          • Gsuite Mail Configration
        • Analysing Suspicious Emails
          • Starting an Automatic Incident Investigation
          • Starting a Manual Incident Investigation
          • Playbook
        • FAQ (Incident Responder&Phishing Reporter)
      • Phishing Reporter Add-In
        • Installation
        • Microsoft Defender Email Reporter Add-In
      • Email Threat Simulator (ETS)
        • Creating a Trusted Account for E-mail Security Tests
          • Restriction of the Authority of the Test Account
          • Restrict Email Address
          • Enable Mailbox Audit Logging for Test Account
        • Dashboard
        • Quick Scan
        • Advanced Scan
        • Interpretation of ETS Report
        • FAQ ( ETS)
      • Threat Intelligence
        • FAQ (Threat Intelligence)
      • Report Manager
        • Phishing Campaign Report List
          • Phishing Campaign Summary
          • Statistics
          • Opened Email
          • Clicked Link in The Phishing Campaign Email
          • Submitted Form
          • Opened Attachment
          • Phishing Reporter
          • Campaign No response
          • Email Delivery Report
          • Phishing User Compare
          • Departments
        • Training Campaign Reports
          • Training Summary
          • Training Statistics
          • Opened Training Email
          • Clicked Training Link
          • View Duration
          • No Response
          • Sending Report
          • Training User Compare
          • Exam
        • Users KPI
          • User-based Grade
          • Department-based Grade
          • Target Group based grade
          • Company-based grade
        • Advanced Reporting
      • Company
        • User Role Management
      • Advanced Settings
        • Allow Email Domains
        • White Labelling
        • LDAP Settings
        • SCIM Integrations
        • Notification Templates
          • Short Codes
          • Using Notification Templates
        • Data Anonymisation
      • Available for Option
      • API Guide
        • REST API for Incident Responder (IR) Operation
        • REST API for SSO Authentication
      • Diagnostic Tool
        • FAQ
    • Maintenance Tool
    • FAQ (All Modules)
      • Video Tutorials
        • Quick Start
        • Google Workspace API Configuration Guide
        • On Premise Requirement Checker Video
        • Phishing Reporter Installation & Deployment
Powered by GitBook
On this page
  1. Documentation Platform
  2. Technical Guide
  3. Incident Responder

Analysing Suspicious Emails

Incidents of email-based attack are reported in three ways to the Keepnet Incident Response Platform (IRP).

  1. By end-users (using our plugin technology),

  2. SOC team members,

  3. Third-party IOC feeds

Once received, the IRP analyses the header, body and attachments using our proprietary technology in addition to a number of integrated, best-in-class services for Anti-Spam, URL Reputation, Anti-Virus, Malware Sandboxing etc.

The platform will also integrate and automate other threat analysis services you may have, such as Fireeye, Bluecoat or Palo Alto, saving you time and reducing your technical dependency. It is a simple process to create custom rules, playbooks and workflow to ensure Keepnet IRP responds to threats in ways that suit your specific policies.

On completion of the analysis, Keepnet IRP delivers detailed results, with industry-leading certainty, to the SOC team for further investigation and response.

INCIDENT INVESTIGATION & RESPONSE

A unique feature and major benefit of the platform's IRP is all investigation is done directly on the user’s inbox instead of at the server exchange, giving you maximum agility and reducing response time.

After finding all instances of an attack, the platform's IRP offers a suite of response options. Malicious messages can be flagged with a warning in the user’s inbox, and they can be deleted from the inbox, or we can call a custom API to perform another action, e.g. call the user’s phone.

Additionally, the platform's IRP will generate SNORT and YARA alarm signatures to update your other cyber-security technologies.

PreviousGsuite Mail ConfigrationNextStarting an Automatic Incident Investigation

Last updated 2 years ago