Playbook

Keepnet's Incident Response module meets enterprise needs by automating analysis and incident response processes to facilitate business. It helps businesses to start an investigation with certain criteria set as a rule set in the Playbook feature.

To set a rule, follow Incident Investigation > Playbook > New Rule path.

Defining Conditions

Then start typing your rule for Automatic Investigation. For instance, in the sample below, we define a new rule for the james@keepnetlabs.com. Then we click on the Next button to define set actions for anyone to get an email from james@keepnetlabs.com.

Defining Actions

Action 1: Marking the Email

We set actions when users get an email from james@keepnetlabs.com. In the screenshot below, anyone who gets an email from james@keepnetlabs.com will be notified with a mark in the email as Malicious.

Action 2: Tagging Users

You can tag the email by any statement. See the screenshot below.

Action 3: Notifying the Users

You can notify users by selecting your target user.

Action 4: Analysing the Email With a Specific Engine

You can analyse the email by selecting a specific engine like the screenshot below.

Action 5: Starting An Investigation

You can start an investigation by setting up the variables.