
FAQ (Incident Responder & Phishing Reporter)


Last updated 1 year ago

Q: Does the incident responder violate the user privacy?

A: No, it does not. Users cannot view the contents of any email in the inbox.

Q: Can we centralise the distribution of the add-in?

A: Yes, we can. Many institutions manage the add-in (install, uninstall, enable, disable) with central administration tools such as Microsoft SCCM or IBM BigFix.

Q: Are the emails sent by users for analysis securely stored on the server?

A: The platform generates a random key that is unique to each customer, then encrypts all reported emails on disk with the AES-256 algorithm.

Q: Can an attacker hijack the Outlook add-in?

A: The platform uses “Code Signing with Microsoft Authenticode” to protect its tools against hacking attempts. For more information, please click here.

Q: Can I integrate this solution with the security products I have?

A: Yes, it is possible to integrate any solution. Sometimes you may need to request support from us; please contact us at support@keepnetlabs.com to discuss this matter.

Q: How can our audit teams oversee and control the people and their operations that govern the Keepnet interface?

A: The platform logs all operations in detail and transmits a copy of them to SIEM products in real time. You can then observe the behaviour of users, create alerts for abnormal situations and take action, or use the logs at audit time.

Q: How do you report the incidents analysed, investigated and responded to?

A: Keepnet Labs provides an in-depth reporting option to various users within its interface.

Q: If the reported email appears to be non-malicious, can we send an email to the user stating that the email does not contain any threats?

A: Yes, if you follow the path Incident Response > Task > New Task on the platform interface, you can send an email notification to the user as well as to system administrators and alternate SOC teams.

Q: If the suspicious email analysed is malicious, can we delete this email from the inboxes without any intervention?

A: Yes, the automatic investigation feature lets you detect and remove the suspicious email, or any of its variants, in any of your users' inboxes, and report it automatically.

Q: Does the app have ArcSight integration? (For logging of events such as phishing mail/deletion etc.)

A: Yes, all logs are kept under the C:\Users\Public\KeepnetLabs\AuiditLog directory. You can transfer them to ArcSight with your Syslog tool.

Q: During the installation, we considered one email as suspicious and made an analysis. We would also like to test whether the server resources are sufficient for more than one analysis or in different scenarios. How can we move on?

A: We can test system resources through stress testing. In addition, a queuing mechanism prevents the server from being overloaded: it processes the notifications in order.

Q: When we search for suspicious mail from the Incident Investigation tab, we have to wait too long. How can we shorten this time?

A: The operation is run in a maximum of 60 + random seconds. But we can shorten this time.

Q: How is a suspicious email analysed by VirusTotal? Are the file hashes sent to VirusTotal, or does the application have its own file analytics?

A: By default, we query the file hash; if the file has not been scanned before, we send the file itself. If you do not want the file to be sent under any circumstances, you can prevent this by creating a task in our interface.
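The hash-first flow described in this answer, as an added example that is not Keepnet's own code. `FakeReputationService` is a constructed in-memory stand-in for VirusTotal (no network calls), and `check_attachment` and `allow_upload` are hypothetical names for the lookup step and for the task that disables file submission. It records what leaves the organisation in each case.

```python
import hashlib


class FakeReputationService:
    """Constructed stand-in for a VirusTotal-style service; records what it receives."""

    def __init__(self, known):
        self.known = dict(known)   # sha256 hex digest -> verdict
        self.received = []         # (kind, size) of every request that left the client

    def lookup(self, sha256_hex):
        self.received.append(("hash", len(sha256_hex)))
        return self.known.get(sha256_hex)   # None means "never scanned before"

    def upload(self, data):
        self.received.append(("file", len(data)))
        self.known[hashlib.sha256(data).hexdigest()] = "queued"
        return "queued"


def check_attachment(data, service, allow_upload=True):
    """Hash-first check: the file is sent only if the hash is unknown AND upload is allowed."""
    digest = hashlib.sha256(data).hexdigest()
    verdict = service.lookup(digest)
    if verdict is not None:
        # Hash already known: only the digest was disclosed.
        return {"sha256": digest, "verdict": verdict, "file_sent": False}
    if not allow_upload:
        # Assumed equivalent of the "never send the file" task: stop at the hash lookup.
        return {"sha256": digest, "verdict": "unknown", "file_sent": False}
    return {"sha256": digest, "verdict": service.upload(data), "file_sent": True}


def demo():
    # Constructed sample attachments.
    known_file = b"constructed sample: previously scanned attachment"
    new_file = b"constructed sample: internal document never seen before"
    svc = FakeReputationService({hashlib.sha256(known_file).hexdigest(): "malicious"})
    results = [
        check_attachment(known_file, svc),                     # known hash
        check_attachment(new_file, svc, allow_upload=False),   # unknown, upload blocked
        check_attachment(new_file, svc, allow_upload=True),    # unknown, default behaviour
    ]
    return results, svc.received


if __name__ == "__main__":
    for result in demo()[0]:
        print(result)
```

With the default setting, an attachment whose hash is unknown is disclosed in full to the third-party service, which matters when reported emails may carry internal documents.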

Q: How do you analyse the emails? Which tools are used for analysis?

A: We analyse the suspicious email by header, body and attachment using the third-party engines integrated into our interface. It is possible to add a new analysis service here.

Q: What is the meaning of Active and Passive in the Phishing Reporter Add-in section?

A: Active: The user actively uses the phishing reporter add-in.

Passive: The user doesn't use the phishing reporter add-in.

Q: How does the platform store the attachments of reported suspicious emails?

A: We use 1028 bit AES encryption to encrypt the attached files and store them on the disk.
