Keepnet Labs Logo
Keepnet Labs > solutions > incident-responder
Incident Responder Logo

Incident Responder

Train your employees against phishing and malicious email attacks.

a series of illustrations of Keepnet Labs Incident Responder Application


Integrate existing technologies with Incident Responder to boost threat detection and malware analysis capabilities. Hunt and remove threats from inboxes in a minute.

an illustration of woman checking integrations


Don’t panic! Fully automated by Playbooks or manually triggered by the SOC team, Incident Responder helps you to find a suspicious email in your employee’s inbox and removes or quarantines it in under a minute.

an illustration of a man standing in front of a computer screen and checking reports

Mail Configuration

Incident Responder integrations with email services like Office 365, Google Workspace, Exchange Online or On-Prem Exchange EWS are standard—no MX record changes are needed.

an illustration of a laptop with an email envelope coming out of it

Automate Your Process

Customizable Playbook features enable you to create rules to classify reported email by header, body and attachment, allowing the system to easily analyze the technical criteria needed to identify malicious activity. No expert skill set is needed to create rules to classify suspicious email and automate the appropriate response.

a screenshot of a user's workflow diagram.
Create and/or conditionsCreate and/or conditions
Super-easy interfaceSuper-easy interface
Notify users and delete emailsNotify users and delete emails
Crowdsourcing Threat ResponsesCrowdsourcing Threat Responses

Crowdsourcing Threat Responses

You are no longer alone in the fight against hackers. When you join the Keepnet Labs community, you’re able to leverage other customers’ successful technologies and share your own detection capabilities. Our integrations— combined with our private, anonymous approach—make an effective crowdsourced threat community a reality. One safe, all safe!

an illustration of a human in front of screen

Phishing Reporter

Enable employees to immediately report suspicious emails to Incident Responder and your SOC team using Phishing Reporter. Phishing Reporter works seamlessly with Outlook Desktop on Windows and Apple MacBook, Outlook Mobile, Google Workspace, Office 365 and does not need integration with your email server to analyze and respond to email-based attacks.

an illustration of two people sitting at a desk in front of a computer checking report and thinking

Find Suspicious Emails in Archive

The suspicious or fraudulent email could be archived, not visible in user inboxes or on your email server. Only Keepnet Labs Phishing Reporter finds archived suspicious emails and mitigates their risk.

a person putting files in to a folder

Diagnostic Tool

Phishing Reporter’s Diagnostic Tool tells you which users have the reporting plugin or how many of the plugins are disabled and then automatically enables them. Integrating plugin installation results with your monitoring tools ensures all employees have Phishing Reporter working as expected.

a person updating devices status


With built-in integrated services, you don’t need to invest in other anti-malware sandbox or threat intelligence solutions.

Reducing time and effort

Reducing time and effort

Incident Responder reduces the time and effort that your SOC team puts into analyzing malicious emails.

Automatic removal of threats

Automatic removal of threats

Suspicious emails can be deleted from the user’s inbox automatically or once the SOC team triggers this action.

Analysis service

Analysis service

Keepnet’s analysis service provides extra security measures to complement your current analysis, detection and prevention efforts and provides effective integration with third-party systems (SOAR, SIEM, Antispam, DLP, etc.).

Protecting Users

Protecting Users

Incident Responder protects a user before they become a victim of a phishing attack or a more sophisticated breach such as typosquatting.

Results reported to users

Results reported to users

Incident Responder allows analysis results to be reported directly to users to warn them.

AI Support

AI Support

Incident Responder provides artificial intelligence support to detect zero-day attacks and tactics. One example: Uncategorized newborn threats and not classified attacks could be detected by AI to prevent data breaches!


A technology that covers all phases of email attacks

When cybercriminals intent to attack an organization for a number of purposes, i.e. to exfiltrate data, or lock the systems, they follow a series of phases that constitute an attack lifecycle

Increase Awareness

Increase Awareness

Simulate phishing attacks and enroll trainings to increase awareness.

Employees Participate

Employees Participate

Let your co-workers report suspicious emails via Phishing Reporter add-in.

Support Heroes

Support Heroes

Our superheroes are always there to keep you out of trouble anytime.

Patent Pending Tech

Patent Pending Tech

Let our unique technologies help you keep your organization secure.


Get Your Private Demo Session

Book a free 30-minute demo call with our experts and discover how we can help you manage human risk in your organization.

iso 27017 certificate
iso 27018 certificate
iso 27001 certificate
ukas 20382 certificate
Cylon certificate
Crown certificate
Gartner certificate
Tech Nation certificate