KEEPNET LABS > Solutions > Incident Responder

Incident Responder

Analyze, investigate and respond to email threats with our cost-effective, fast, fully automated email analysis platform.


Integrate existing technologies with Incident Responder to boost threat detection and malware analysis capabilities.

Hunt and remove threats from inboxes in a minute.


Don’t panic! Fully automated by Playbooks or manually triggered by the SOC team, Incident Responder helps you to find a suspicious email in your employee’s inbox and removes or quarantines it in under a minute.

Mail Configuration

Incident Responder integrations with email services like Office 365, Google Workspace, Exchange Online or On-Prem Exchange EWS are standard—no MX record changes are needed.

Automate your process

Customizable Playbook features enable you to create rules to classify reported email by header, body and attachment, allowing the system to easily analyze the technical criteria needed to identify malicious activity.

No expert skill set is needed to create rules to classify suspicious email and automate the appropriate response.

Create and/or conditions
Super-easy interface
Notify users and delete emails
Crowdsourcing Threat Responses

Crowdsourcing Threat Responses

You are no longer alone in the fight against hackers.

When you join the Keepnet Labs community, you’re able to leverage other customers’ successful technologies and share your own detection capabilities. Our integrations— combined with our private, anonymous approach—make an effective crowdsourced threat community a reality.

One safe, all safe!

Phishing Reporter

Enable employees to immediately report suspicious emails to Incident Responder and your SOC team using Phishing Reporter. Phishing Reporter works seamlessly with Outlook Desktop on Windows and Apple MacBook, Outlook Mobile, Google Workspace, Office 365 and does not need integration with your email server to analyze and respond to email-based attacks.

Find Suspicious Emails in Archive

The suspicious or fraudulent email could be archived, not visible in user inboxes or on your email server. Only Keepnet Labs Phishing Reporter finds archived suspicious emails and mitigates their risk.

Diagnostic Tool

Phishing Reporter’s Diagnostic Tool tells you which users have the reporting plugin or how many of the plugins are disabled and then automatically enables them.

Integrating plugin installation results with your monitoring tools ensures all employees have Phishing Reporter working as expected.

Get Your Private Demo Session

Book a free 30-minute video call with our experts.


With built-in integrated services, you don’t need to invest in other anti-malware sandbox or threat intelligence solutions.

Reducing time and effort

Incident Responder reduces the time and effort that your SOC team puts into analyzing malicious emails.

Automatic removal of threats

Suspicious emails can be deleted from the user’s inbox automatically or once the SOC team triggers this action.

Analysis service

Keepnet’s analysis service provides extra security measures to complement your current analysis, detection and prevention efforts and provides effective integration with third-party systems (SOAR, SIEM, Antispam, DLP, etc.).

Protecting Users

Incident Responder protects a user before they become a victim of a phishing attack or a more sophisticated breach such as typosquatting.

Results reported to users

Incident Responder allows analysis results to be reported directly to users to warn them.

AI Support

Incident Responder provides artificial intelligence support to detect zero-day attacks and tactics. One example: Uncategorized newborn threats and not classified attacks could be detected by AI to prevent data breaches!

Channel Partner

Reselling Partners

The advantages of becoming a Keepnet Labs partner

MSSP Partner Program

Managed Service Provider

Everything you need to scale your business quickly and efficiently

Use Cases

Payment Swift Phishing Incident Responder

Today, cyber attackers trick targeted users with sophisticated social engineering attacks that make technological precautions inadequate. A spear-phishing email with a title like “Payment swift 034954053917” could not be detected by many email security components on the day it spread.

Use Cases

How to Respond to Phishing Attacks

Keepnet IR can help you to respond to phishing attacks rapidly, with the goal of saving your organization from experiencing significant loss or disruption. Once detected, we can stop malicious email spreading to other users by scanning all users’ inboxes, checking for matching threat emails (or any other variants) and…


Incident Responder

Incidents of email-based attack are reported by end-users (using our plugin technology), SOC team members and 3rd party IOC feeds to the Keepnet Incident Response Platform (IRP). Once received, the IRP analyses the header, body and attachments using our proprietary technology in addition to a number of integrated, best-in-class services for Anti-Spam, URL Reputation, Anti-Virus, […]