Welcome to the new Splunkbase! To return to the old Splunkbase, click here.
Collections
Apps
Submit an app
Cybereason app icon

Cybereason

This app integrates with the Cybereason platform to perform investigative, contain, and corrective actions on Malop and Malware events

Built by
soar product badge
Latest Version 2.4.2
April 28, 2025
Compatibility
Not Available
Platform Version: 7.0, 6.4, 6.3, 6.2, 6.1, 6.0, 5.5, 5.4, 5.3
Rating

0

(0)

Log in to rate this app
Support
Cybereason support icon
Not Supported
Ranking

#50

in Endpoint
This app integrates with the Cybereason platform to perform investigative, contain, and corrective actions on Malop and Malware events

Supported Actions

  • test connectivity: Validate the asset configuration for connectivity using supplied configuration
  • on poll: Callback action for the on_poll ingest functionality
  • delete registry key: Deletes the specified registry key for a given malop ID and machine name
  • get sensor status: Get the connectivity status for all machine sensors in a Malop
  • add malop comment: Add a comment to the provided Malop ID
  • update malop status: Update status for the provided Malop ID such as Under Investigation, To review, etc
  • isolate machine: Blocks all communication to and from the machine. Communication with the Cybereason platform is not affected
  • unisolate machine: Unblocks all communication to and from the machine
  • isolate specific machine: Blocks all communication to and from the machine identified by the given Name or IP. Communication with the Cybereason platform is not affected
  • unisolate specific machine: Unblocks all communication to and from the machine identified by the given Name or IP. Communication with the Cybereason platform is not affected
  • kill process: Kills the active process on the machine
  • get remediation status: Gets the remediation status for a previously executed remediation action like Kill Process
  • set reputation: Blacklists / Whitelists / Removes a file hash reputation so that future malop detections can quickly identify the hash
  • query processes: Queries a given malop to retrieve all processes
  • query machine: Queries a given machine name to retrieve all that machine's information
  • query machine ip: Queries a given machine IP to retrieve all that machine's information
  • query users: Queries a given user to retrieve all user-related details
  • query files: Queries a given filename to retrieve all file details
  • query domain: Queries a given domain name to retrieve all details of that domain
  • query connections: Queries a given name to retrieve all details of that connection
  • upgrade sensor: Upgrade a sensor
  • restart sensor: Restart a sensor

Categories

Created By

SOAR Community

Source Code

Type

connector

Downloads

936

Featured in Collection

Detection and Response

Licensing

Splunk Answers

Resources

Log in to report this app listing