FAQ (Incident Responder & Phishing Reporter)
A: No, it does not. Users cannot view the contents of any email in the inbox.
A: Yes, we can. Many institutions manage the add-in (install, uninstall, enable, disable) with central administration tools, for example Microsoft SCCM or IBM BigFix.
A: The platform generates a random key that is unique for each customer, then encrypts all reported emails on disk with the AES 256 algorithm.
A: The platform uses “Code Signing with Microsoft Authenticode” to protect tools against a hacking attempt. For more information, please .
A: Yes, it is possible to integrate any solution. Sometimes you may need to request support from us; please contact us to discuss this matter.
A: The platform logs all operations in detail and transmits a copy of them to SIEM products in real-time. In this case, you can observe the behaviour of users, create an alert for abnormal situations and take action, or you can use the logs at audit time.
A: Keepnet Labs provides in-depth reporting options to various users within its interface.
Yes, if you follow the path Incident Response > Task > New Task on the platform interface, you can send an email notification to both user and system administrators and alternate SOC teams.
A: Yes, there is an automatic investigation feature with which you can detect and remove the suspicious email or any of its variants in any of your users' inboxes, and you can automatically report it.
A: Yes, all logs are kept under the C:\Users\Public\KeepnetLabs\AuiditLog directory. You can transfer them to ArcSight with your Syslog tool.
A: We can test system resources through stress testing. There is also a queuing mechanism that we use to prevent overload; it works by putting the notifications in order.
A: The operation runs within a maximum of 60 + random seconds, but we can shorten this time.
A: By default, we query the file hash; if the file has not been scanned before, we send the file itself. If you do not want to send the file under any circumstances, you can prevent this by creating a task in our interface.
A: We analyse the suspicious email by header, body and attachment using the third-party engines integrated into our interface. It is possible to add a new analysis service here.
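The hash-first flow described in this answer, as an added sketch that is not Keepnet Labs' code. `AnalysisService`, `check_attachment` and the `allow_upload` flag are hypothetical names, SHA-256 is an assumed hash algorithm, and the in-memory service with its toy verdict rule is constructed for illustration.

```python
import hashlib
from dataclasses import dataclass, field


@dataclass
class AnalysisService:
    """Constructed in-memory stand-in for a third-party analysis engine."""
    verdicts: dict = field(default_factory=dict)        # sha256 hex -> verdict
    received_files: list = field(default_factory=list)  # content that left the host

    def lookup(self, digest):
        # None means the engine has never scanned a file with this hash.
        return self.verdicts.get(digest)

    def scan(self, data):
        # Only here does the attachment content itself reach the engine.
        self.received_files.append(data)
        # Toy verdict rule on a constructed marker, for illustration only.
        verdict = "malicious" if b"constructed-bad-marker" in data else "clean"
        self.verdicts[hashlib.sha256(data).hexdigest()] = verdict
        return verdict


def check_attachment(data, service, allow_upload=True):
    """Return (verdict, disclosed); disclosed is 'hash' or 'file'.

    allow_upload=False models the "never send the file" setting: an
    unseen attachment then stays 'unknown' instead of being uploaded.
    """
    digest = hashlib.sha256(data).hexdigest()  # assumed algorithm
    verdict = service.lookup(digest)
    if verdict is not None:
        return verdict, "hash"       # known file: only the hash was disclosed
    if not allow_upload:
        return "unknown", "hash"     # policy blocks sending the content
    return service.scan(data), "file"


if __name__ == "__main__":
    svc = AnalysisService()
    sample = b"constructed sample attachment"
    print(check_attachment(sample, svc, allow_upload=False))
    print(check_attachment(sample, svc))   # first sight: file is uploaded
    print(check_attachment(sample, svc))   # second sight: hash lookup only
    print(len(svc.received_files), "file(s) left the host")
```

With uploads disabled, the trade-off is that a never-before-seen attachment gets no verdict at all, so that case needs its own handling on the analyst side.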
A: Active: A user who actively uses the Phishing Reporter add-in.
Passive: A user who doesn't use the Phishing Reporter add-in.
A: We use 1028 bit AES encryption to encrypt the attached files and store them on the disk.