
Cybereason collector

Overview

Cybereason offers an endpoint protection platform. It delivers antivirus software, endpoint detection and response with one agent, and a suite of managed services.

Integration overview

The data is collected using a Devo Collector that can be run on the Devo Collector server or standalone in a Docker container. The data is sent and stored in the Devo platform in these tables:

  • edr.cybereason.api_malop

  • edr.cybereason.api_malware

Cybereason exposes REST API resources to extract data such as:

| Resource type | Definition | Devo table |
|---|---|---|
| Malop API | Returns the list of MalOps. A MalOp (malicious operation) gives a contextualized view of the full narrative of an attack, correlated across all impacted endpoints. Endpoint: `https://<your server address>:<port>/rest/crimes/unified` | edr.cybereason.api_malop |
| Malware API | Returns details on malware currently in your environment. Malware is any software intentionally designed to disrupt a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, deprive access to information, or unknowingly interfere with the user's computer security and privacy. Endpoint: `https://<your server address>:<port>/rest/malware/query` | edr.cybereason.api_malware |

Information about the endpoints

Vendor configuration

To pull the logs from the Cybereason endpoint you need:

| Parameter | Description |
|---|---|
| Host | The service address of the Cybereason installation. |
| Port | The service port of the Cybereason installation. |
| Username | Your Cybereason service username. |
| Password | Your Cybereason service password. |

With this information, the Cybereason collector can be configured later.
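The following is an added example, not Devo's collector code and not Cybereason's SDK. It ties the two resource endpoints listed above to the four vendor parameters (Host, Port, Username, Password) and shows the shape of a pull: establish a session, POST a query to each endpoint, and tag each response with the Devo table it is stored in. Assumptions are labelled in the code: the login step (a form POST to `/login.html`) follows Cybereason's public API documentation rather than this page, the query bodies are placeholders, and the server responses are constructed so the script runs offline through an injectable transport.

```python
"""Added example: minimal session-based pull of the Malop and Malware resources.
Not Devo's or Cybereason's code. The transport is injectable so this runs offline."""
import json
import urllib.request
from http.cookiejar import CookieJar
from urllib.parse import urlencode

# Resource endpoints from the page, mapped to the Devo tables that store them.
TABLES = {
    "/rest/crimes/unified": "edr.cybereason.api_malop",
    "/rest/malware/query": "edr.cybereason.api_malware",
}


class CybereasonClient:
    """transport(method, url, headers, body) -> (status, bytes); defaults to urllib
    with a cookie jar, because the session cookie set at login must accompany queries."""

    def __init__(self, host, port, username, password, transport=None):
        self.base = f"https://{host}:{port}"   # Host and Port from the vendor configuration
        self.username = username               # Username from the vendor configuration
        self.password = password               # Password: keep out of logs and error messages
        self.transport = transport or self._urllib_transport
        self._opener = urllib.request.build_opener(
            urllib.request.HTTPCookieProcessor(CookieJar()))
        self.logged_in = False

    def _urllib_transport(self, method, url, headers, body):
        # urllib verifies the server certificate by default; do not disable that.
        req = urllib.request.Request(url, data=body, headers=headers, method=method)
        with self._opener.open(req, timeout=30) as resp:
            return resp.status, resp.read()

    def login(self):
        # ASSUMPTION: form login at /login.html with username/password fields,
        # taken from Cybereason's public API documentation, not from this page.
        body = urlencode({"username": self.username, "password": self.password}).encode()
        status, _ = self.transport(
            "POST", self.base + "/login.html",
            {"Content-Type": "application/x-www-form-urlencoded"}, body)
        self.logged_in = status == 200
        return self.logged_in

    def fetch(self, path, query):
        """POST a JSON query to one of the page's endpoints; return the parsed body."""
        if not self.logged_in:
            raise RuntimeError("login() must succeed before querying")
        if path not in TABLES:
            raise ValueError(f"unknown resource path {path!r}")
        status, raw = self.transport(
            "POST", self.base + path,
            {"Content-Type": "application/json"}, json.dumps(query).encode())
        if status != 200:
            raise RuntimeError(f"{path} returned HTTP {status}")
        return json.loads(raw.decode())


def collect(client, queries):
    """Run each query and tag the response with its Devo table, one entry per resource."""
    return [{"table": TABLES[path], "payload": client.fetch(path, query)}
            for path, query in queries.items()]


def constructed_transport(method, url, headers, body):
    """Constructed stand-in for a Cybereason server so the example runs offline.
    The response documents are invented and do not reflect the real API schema."""
    if url.endswith("/login.html"):
        form = dict(pair.split("=", 1) for pair in body.decode().split("&"))
        ok = form == {"username": "collector", "password": "s3cret"}
        return (200, b"") if ok else (401, b"")
    if url.endswith("/rest/crimes/unified"):
        return 200, json.dumps({"data": {"malops": [{"guid": "malop-1"}]}}).encode()
    if url.endswith("/rest/malware/query"):
        return 200, json.dumps({"data": {"malwares": [{"name": "sample.exe"}]}}).encode()
    return 404, b""


def run_example():
    client = CybereasonClient("cybereason.example.invalid", 443, "collector", "s3cret",
                              transport=constructed_transport)
    if not client.login():
        raise SystemExit("login failed")
    # ASSUMPTION: placeholder query bodies; the fields each endpoint accepts are
    # defined by the Cybereason API reference, which this page does not reproduce.
    queries = {"/rest/crimes/unified": {"placeholder": "malop query"},
               "/rest/malware/query": {"placeholder": "malware query"}}
    return collect(client, queries)


if __name__ == "__main__":
    print(json.dumps(run_example(), indent=2))
```

The client refuses to query before a successful login and raises on any non-200 status, so a revoked service account or an expired session surfaces as an error instead of silently producing empty tables. Replace `constructed_transport` with the default urllib transport to run against a real installation.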

Run the collector

Once the data source is configured, you can either send us the required information if you want us to host and manage the collector for you (Cloud collector), or deploy and host the collector on your own machine using a Docker image (On-premise collector).

Change log

| Release | Released on | Release type | Details | Recommendations |
|---|---|---|---|---|
| v1.4.0 | May 9, 2024 | IMPROVEMENT | Improvements: upgrade DC SDK to the latest version 1.11.1; upgrade the Docker base image to 1.2.0 | Recommended version |
| v1.3.0 | Jan 24, 2024 | IMPROVEMENT | Improvements: upgraded DCSDK from 1.9.1 to 1.10.2 | Update |