Action Editor for Incident Responder Is Now Generally Available


Published
November 11, 2020

Exabeam recently released Action Editor, a new tool in the Exabeam Cloud Studio, for general availability. In this post, you will learn about services, actions, common problems, and how Action Editor from Exabeam can help.

What’s in a playbook?

Exabeam Incident Responder allows analysts to build playbooks to automate workflows using Exabeam’s internal and third-party services. Playbooks are composed of actions executed via API in third-party services. For instance, security teams can automate their phishing investigations using a playbook like the one below:


Figure 1: Exabeam ships a phishing playbook as part of its out-of-the-box templates.
 

Customizing actions

Sometimes, a security team may rely on an action within a specific tool for their workflow that is not supported out of the box. We learned from conversations with customers that this was a key barrier to adoption. While our support and engineering teams worked hard to meet requests for specific actions, our customers increasingly demanded customization.

You asked, we listened!

Action Editor is a free application available on Exabeam Cloud Platform for all Incident Responder users. It guides you through the process of customizing an out-of-the-box service and action or creating your own from scratch. You can then download a zip file from the web UI and upload it into your instance of Incident Responder. This tool is best suited for analysts who have a working knowledge of the Python programming language.


Figure 2: Action Editor is a self-service, web-based application that lets analysts create custom actions and services with Python.
 

With Action Editor’s self-service capabilities, customers no longer need to wait for the newest platform release or rely solely on professional services to enable new actions in their instance. Ultimately, this accelerates time to value by allowing users to build playbooks with the workflows they designed, or custom actions beyond those available out of the box.

Want to learn more?

Customers can access our documentation to learn more about how to use Action Editor. Make sure to also check out our community resources.
