Analyze, investigate and respond to email threats with our cost-effective, fast, fully automated email analysis platform.


Integrate existing technologies with Incident Responder to boost threat detection and malware analysis capabilities.

Hunt and remove threats from inboxes in a minute.


Don’t panic! Fully automated by Playbooks or manually triggered by the SOC team, Incident Responder helps you to find a suspicious email in your employee’s inbox and removes or quarantines it in under a minute.

Mail Configuration

Incident Responder integrations with email services like Office 365, Google Workspace, Exchange Online or On-Prem Exchange EWS are standard—no MX record changes are needed.

Automate your process

Customizable Playbook features enable you to create rules to classify reported email by header, body and attachment, allowing the system to easily analyze the technical criteria needed to identify malicious activity.

No expert skill set is needed to create rules to classify suspicious email and automate the appropriate response.

Crowdsourcing Threat Responses

You are no longer alone in the fight against hackers.

When you join the Keepnet Labs community, you’re able to leverage other customers’ successful technologies and share your own detection capabilities. Our integrations— combined with our private, anonymous approach—make an effective crowdsourced threat community a reality.

One safe, all safe!

Phishing Reporter

Enable employees to immediately report suspicious emails to Incident Responder and your SOC team using Phishing Reporter. Phishing Reporter works seamlessly with Outlook Desktop on Windows and Apple MacBook, Outlook Mobile, Google Workspace, Office 365 and does not need integration with your email server to analyze and respond to email-based attacks.

Find Suspicious Emails in Archive

The suspicious or fraudulent email could be archived, not visible in user inboxes or on your email server. Only Keepnet Labs Phishing Reporter finds archived suspicious emails and mitigates their risk.

Diagnostic Tool

Phishing Reporter’s Diagnostic Tool tells you which users have the reporting plugin or how many of the plugins are disabled and then automatically enables them.

Integrating plugin installation results with your monitoring tools ensures all employees have Phishing Reporter working as expected.

Get Your Private Demo Session

Book a free 30-minute video call with our experts.

Get Demo