Playbook
Keepnet's Incident Response module meets enterprise needs by automating analysis and incident response processes. Its Playbook feature lets a business start an investigation automatically when the criteria defined in a rule set are met.
To set a rule, go to Incident Investigation > Playbook > New Rule.
Defining Conditions
Start typing your rule for Automatic Investigation. For instance, in the sample below, we define a new rule for the sender james@keepnetlabs.com, then click the Next button to define the actions that apply to anyone who gets an email from james@keepnetlabs.com.
Defining Actions
Action 1: Marking the Email
We set the actions to take when users get an email from james@keepnetlabs.com. In the screenshot below, anyone who gets an email from james@keepnetlabs.com is notified by a mark in the email flagging it as Malicious.
Action 2: Tagging Users
You can tag the email with any statement. See the screenshot below.
Action 3: Notifying the Users
You can notify users by selecting your target user.
Action 4: Analysing the Email With a Specific Engine
You can analyse the email with a specific engine by selecting it, as in the screenshot below.
Action 5: Starting An Investigation
You can start an investigation by setting up the variables.