Cybereason

Version: Cybereason 17.3 and later.

The Cybereason solution combines endpoint prevention, detection, and response in an all-in-one lightweight agent.

Netsurion Open XDR supports Cybereason: it monitors Cybereason and generates alerts and reports for critical events such as MALOP creation, malware or threat detection, and user activities. The saved searches and dashboards help to monitor critical and top activities in Cybereason.

Netsurion Open XDR monitors the following Cybereason event categories:

  • Security – MALOP created or updated, threat detection, critical threat events.
  • Operations – User activities, user remediation activities, user MALOP investigation details.
  • Compliance – Device detected with a threat, user login details.

Once events are received by Netsurion Open XDR, Reports, Knowledge Objects, Categories and Dashboards can be configured in Netsurion Open XDR.

The following are the key Data Source Integrations available in Netsurion Open XDR.

Alerts

| Type | Name | Description |
|---|---|---|
| Security | Cybereason – Malop Created | This alert is generated when a new MALOP is created on Cybereason. |
| Security | Cybereason – Malop Updated | This alert is generated when an existing MALOP event is updated. |
| Security | Cybereason – Malware detected | This alert is generated when malware or a suspicious threat is detected by Cybereason. |
| Security | Cybereason – Malware Updated | This alert is generated when the state of existing malware is updated. |
| Security | Cybereason – Threat not mitigated | This alert is generated when malware is detected and mitigation has failed. |
| Security | Cybereason – User login failed | This alert is generated when a user fails to log in to the console. |

Reports

| Type | Name | Description |
|---|---|---|
| Security | Cybereason – User login failed activities | This report gives information about users who have failed to log in to the console, along with user and device information such as IP address, hostname, and role. |
| Security | Cybereason – Malop created or updated details | This report gives information on MALOPs created or updated, along with the MALOP details. |
| Security | Cybereason – Threat detected and updated details | This report gives detailed information on malware or threats (fileless, AI analytics, or known malware) detected or suspected by Cybereason. It also includes resolved threats, which can be identified by the severity value: 1 when the threat is completed (resolved) and 5 when a threat is detected. |
| Security | Cybereason – Not mitigated threat details | This report gives information on critical threats that Cybereason has failed to mitigate. |
| Operations | Cybereason – User activities | This report gives detailed information on user actions taken in Cybereason, such as custom rule creation, changes to configuration settings, and sensor management. |
| Operations | Cybereason – User malop investigation activities | This report gives detailed information on user actions taken while investigating MALOPs, such as threat remediation, changes in MALOP state, remediation details, and machine isolation details. |
| Compliance | Cybereason – User login and logout activities | This report gives information about user login and logout activities in the console, along with user and device information such as IP address, hostname, and role. |
| Compliance | Cybereason – Malop device information details | This report gives information on the device on which a MALOP incident has been detected. It helps to investigate the MALOP activity when correlated with the Malop created or updated details report. |

Documentation

The configuration details are consistent with Netsurion Open XDR 9.x and later, and Cybereason.

Download the Integration Guide for configuration instructions and more information.