Cybereason collector
Overview
Cybereason offers an endpoint protection platform. It delivers antivirus software, endpoint detection and response with one agent, and a suite of managed services.
Integration overview
The data is collected using a Devo Collector that can be run on the Devo Collector server or standalone in a Docker container. The data is sent and stored in the Devo platform in these tables:
edr.cybereason.api_malop
edr.cybereason.api_malware
Cybereason exposes REST API resources to extract data such as:
Resource type | Definition | Devo table |
---|---|---|
Malop API | Returns the list of MalOps. A MalOp (malicious operation) gives a contextualized view of the full narrative of an attack, correlated across all impacted endpoints. Endpoint: https://nest.cybereason.com/documentation/api-documentation/all-versions/get-malops#getmalops | edr.cybereason.api_malop |
Malware API | Returns details on malware currently in your environment. Malware is any software intentionally designed to disrupt a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, deprive access to information, or unknowingly interfere with the user's computer security and privacy. Endpoint: https://nest.cybereason.com/documentation/api-documentation/all-versions/query-malware-types#querymalware | edr.cybereason.api_malware |
Information about the endpoints
Log in with the API: https://nest.cybereason.com/api-documentation/all-versions/authentication.html
MalOp endpoint info: https://nest.cybereason.com/documentation/api-documentation/all-versions/get-malops#getmalops
Malware endpoint info: https://nest.cybereason.com/documentation/api-documentation/all-versions/query-malware-types#querymalware
Vendor configuration
To pull logs from the Cybereason API you need the following:
Parameter | Description |
---|---|
Host | The service address of the Cybereason installation. |
Port | The service port of the Cybereason installation. |
Username | Your Cybereason service username. |
Password | Your Cybereason service password. |
With these four values the Cybereason collector can be configured later. Use a dedicated Cybereason user with only the permissions needed to read MalOps and malware data for the collector, rather than an administrator's credentials.
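The following script shows how a pull against the two endpoints listed under "Information about the endpoints" looks with the host, port, username and password from the table above: one form login, the session cookie reused for every request, and offset-based paging of the malware query. This is an added example for this page, not Devo's collector code or Cybereason's SDK. The endpoint paths, request bodies and response keys are assumptions taken from the Cybereason API pages linked above, and the `CR_*` environment variable names are the example's own; check both against your server version before relying on them.

```python
"""Pull MalOps and malware from a Cybereason server the way a collector does.

Added example, not the Devo collector's own code. Paths, bodies and response
keys are assumptions based on the Cybereason API documentation linked on this
page; the CR_* environment variable names are this example's own choice."""
import http.cookiejar
import json
import os
import urllib.parse
import urllib.request

LOGIN_PATH = "/login.html"            # assumption: form-based login endpoint
MALOP_PATH = "/rest/crimes/unified"   # assumption: MalOp query endpoint
MALWARE_PATH = "/rest/malware/query"  # assumption: malware query endpoint


def base_url(host, port):
    # HTTPS only: the login is a plain form POST carrying the service password.
    return f"https://{host}:{int(port)}"


def malop_query(limit=1000):
    # assumption: request body documented for the MalOp endpoint
    return {
        "totalResultLimit": limit,
        "perGroupLimit": 100,
        "perFeatureLimit": 100,
        "templateContext": "OVERVIEW",
        "queryPath": [{"requestedType": "MalopProcess", "result": True, "filters": None}],
    }


def malware_query(offset=0, limit=50):
    # assumption: request body documented for the malware endpoint, paged by offset
    return {
        "filters": [{"fieldName": "needsAttention", "operator": "Is", "values": [True]}],
        "sortingFieldName": "timestamp",
        "sortDirection": "DESC",
        "limit": limit,
        "offset": offset,
    }


def parse_malops(payload):
    """Return the MalOp GUIDs from a MalOp response, sorted for stable output.
    Assumption: results are keyed by GUID under data.resultIdToElementDataMap."""
    if payload.get("status") != "SUCCESS":
        raise RuntimeError(f"MalOp query failed: {payload.get('message')}")
    return sorted(payload.get("data", {}).get("resultIdToElementDataMap", {}))


def next_offset(offset, page_len, limit, total):
    """Offset of the next malware page, or None when done. Stops on a short page
    as well as on total, so a total that shrinks mid-pull cannot loop forever."""
    if page_len < limit or offset + page_len >= total:
        return None
    return offset + page_len


class CybereasonSession:
    def __init__(self, host, port, username, password):
        self.base = base_url(host, port)
        self.jar = http.cookiejar.CookieJar()
        self.opener = urllib.request.build_opener(urllib.request.HTTPCookieProcessor(self.jar))
        form = urllib.parse.urlencode({"username": username, "password": password}).encode()
        # The login response sets the session cookie that every later call reuses.
        self.opener.open(self.base + LOGIN_PATH, data=form).close()

    def post_json(self, path, body):
        req = urllib.request.Request(self.base + path, data=json.dumps(body).encode(),
                                     headers={"Content-Type": "application/json"})
        with self.opener.open(req) as resp:
            # An unauthenticated session is served the HTML login page instead of
            # JSON (assumption); fail closed rather than parsing garbage.
            if "json" not in resp.headers.get("Content-Type", ""):
                raise PermissionError("API returned non-JSON; check the service credentials")
            return json.load(resp)

    def malops(self):
        return parse_malops(self.post_json(MALOP_PATH, malop_query()))

    def malware(self, limit=50):
        offset, out = 0, []
        while offset is not None:
            data = self.post_json(MALWARE_PATH, malware_query(offset, limit)).get("data", {})
            page = data.get("malwares", [])
            out.extend(page)
            offset = next_offset(offset, len(page), limit, data.get("totalResults", 0))
        return out


if __name__ == "__main__":
    # Credentials come from the environment, never from a file committed with the config.
    s = CybereasonSession(os.environ["CR_HOST"], os.environ.get("CR_PORT", "443"),
                          os.environ["CR_USER"], os.environ["CR_PASS"])
    print(len(s.malops()), "MalOps;", len(s.malware()), "malware entries")
```

The pure helpers (`malop_query`, `malware_query`, `parse_malops`, `next_offset`) carry the logic a collector needs to get right, and they are separable from the network calls so they can be checked without a Cybereason server.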
Run the collector
Once the data source is configured, you can either send us the required information if you want us to host and manage the collector for you (Cloud collector), or deploy and host the collector on your own machine using a Docker image (On-premise collector).
Change log
Release | Released on | Release type | Details | Recommendations |
---|---|---|---|---|
| May 9, 2024 | IMPROVEMENT | Improvements: | |
| Jan 24, 2024 | IMPROVEMENT | Improvements: | |