Cybereason

This app integrates with the Cybereason platform to perform investigative, contain, and corrective actions on Malop and Malware events

Supported Actions

• test connectivity: Validate the asset configuration for connectivity using supplied configuration
• on poll: Callback action for the on_poll ingest functionality
• delete registry key: Deletes the specified registry key for a given malop id and machine name
• get sensor status: Get the connectivity status for all machine sensors in a Malop
• add malop comment: Add a comment to the provided Malop ID
• update malop status: Update status for the provided Malop ID such as Under Investigation, To review, etc
• isolate machine: Blocks all communication to and from the machine. Communication with the Cybereason platform is not affected
• unisolate machine: Unblocks all communication to and from the machine
• kill process: Kills the active process on the machine
• get remediation status: Gets the remediation status for a previously executed remediation action like Kill Process
• set reputation: Blacklists / Whitelists / Removes a file hash reputation so that future malop detections can quickly identify the hash
• query processes: Queries a given malop to retrieve all processes
• query machine: Queries a given machine name to retrieve all that machine's information
• query users: Queries a given user to retrieve all user-related details
• query files: Queries a given filename to retrieve all file details
• query domain: Queries a given domain name to retrieve all details of that domain
• query connections: Queries a given name to retrieve all details of that connection