Cybereason app icon

Cybereason

This app integrates with the Cybereason platform to perform investigative, contain, and corrective actions on Malop and Malware events

Built by
soar product badge
Latest Version 2.4.2
April 28, 2025
Compatibility
SOAR On-Prem, SOAR Cloud
Platform Version: 8.4, 8.0, 7.2, 7.1, 7.0, 6.4, 6.3, 6.2, 6.1, 6.0, 5.5, 5.4, 5.3
Rating

0

(0)

Log in to rate this app
Support
Cybereason support icon
Not Supported
This app integrates with the Cybereason platform to perform investigative, contain, and corrective actions on Malop and Malware events

Supported Actions

  • test connectivity: Validate the asset configuration for connectivity using supplied configuration
  • on poll: Callback action for the on_poll ingest functionality
  • delete registry key: Deletes the specified registry key for a given malop ID and machine name
  • get sensor status: Get the connectivity status for all machine sensors in a Malop
  • add malop comment: Add a comment to the provided Malop ID
  • update malop status: Update status for the provided Malop ID such as Under Investigation, To review, etc
  • isolate machine: Blocks all communication to and from the machine. Communication with the Cybereason platform is not affected
  • unisolate machine: Unblocks all communication to and from the machine
  • isolate specific machine: Blocks all communication to and from the machine identified by the given Name or IP. Communication with the Cybereason platform is not affected
  • unisolate specific machine: Unblocks all communication to and from the machine identified by the given Name or IP. Communication with the Cybereason platform is not affected
  • kill process: Kills the active process on the machine
  • get remediation status: Gets the remediation status for a previously executed remediation action like Kill Process
  • set reputation: Blacklists / Whitelists / Removes a file hash reputation so that future malop detections can quickly identify the hash
  • query processes: Queries a given malop to retrieve all processes
  • query machine: Queries a given machine name to retrieve all that machine's information
  • query machine ip: Queries a given machine IP to retrieve all that machine's information
  • query users: Queries a given user to retrieve all user-related details
  • query files: Queries a given filename to retrieve all file details
  • query domain: Queries a given domain name to retrieve all details of that domain
  • query connections: Queries a given name to retrieve all details of that connection
  • upgrade sensor: Upgrade a sensor
  • restart sensor: Restart a sensor

Categories

Endpoint

Created By

SOAR Community

Source Code

GitHub(Opens new window)

Type

connector

Downloads

980

Featured in Collection

Detection and Response

Licensing

Apache License 2.0(Opens new window)

Splunk Answers

Ask a question about this app listing(Opens new window)

Resources

Log in to report this app listing