Cybereason

What is Cybereason EDR?

Cybereason EDR is a unified endpoint security platform for preventative protection, post-breach detection, automated investigation, and response.

Integration:

How does Cybereason EDR integrate with my Vectra platform?

Integration with Cybereason EDR adds host context to aid in host identification during a security investigation. When Detect sees a host session come online, it polls Cybereason EDR for host information. Host information may include the following:

  • Machine ID

  • Machine name

  • Operating system

  • Isolation status

Cybereason EDR host context is available under the Host Details tab of individual Host pages.

How do I enable the Cybereason EDR integration in Detect?

Cybereason Endpoint Security is configured under the EDR Integrations Tab. In your Detect UI, navigate to Settings -> EDR Integrations -> Cybereason:

  • Select **Edit** on the far right-hand side within the Cybereason row.

  • Toggle **Enable integration with Cybereason** to On.

  • Click Save.

  • Once the credentials have been validated, the UI will provide confirmation that your configuration has been saved.

  • Your Cybereason EDR setup is now complete.

Where can I find my Cybereason Information to integrate with Vectra?

To get credentials for Cybereason EDR for use with Vectra:

  • Log into your Cybereason Dashboard.

  • The Username is shown in the top right corner of the dashboard.

  • The **Password** is the password that corresponds to that Username.

  • For the API to work properly, ensure that the Username has the correct permissions. The Username should have the "L3 Analyst and System Admin" permissions, since these allow access to **Get Sensor List** and Isolate A Machine In A Malop.

  • The Hostname with the **Port** can be obtained by contacting the Cybereason Support Team.

Why do I not see Cybereason EDR as an External Connector?

Vectra introduced native integration support for Cybereason EDR in release version 6.8. Please make sure you are running Detect version 6.8 or greater. You can check the current software version by navigating to Settings -> General -> Version in the Detect UI.

Can I use Advanced search to query for Cybereason EDR hosts?

Right now, we do not support advanced search for Cybereason EDR host artifacts. We plan on releasing this feature in a coming release.

Can Cybereason EDR be used for Host Lockdown?

Yes, Detect release version 6.8 introduced support for Host Lockdown using Cybereason EDR. For more details, please check this article.
