Cybereason

EventTracker monitors all the Cybereason events which are given below.

Security – MALOP created or updated, Threat detection, critical threat events.
Operation – User activities, user remediation activities, user MALOP investigation details.
Compliance: Device detected with a threat, user login details.

Reports

Cybereason - User login and logout activities – This report gives information about the user login and logout activities in the console, along with user and device information like IP address, hostname, and its role.
Cybereason - Malop device information details – This report gives information on the device in which Malop incident has been detected. This report will help to investigate the malop activity when correlated with the malop created or updated details report.

Alerts

Cybereason - Malop Created – This alert is generated when new malop is created on Cybereason.
Cybereason - Malop Updated – This alert is generated when an existing malop event is updated.
Cybereason - Malware detected – This alert is generated when malware or suspicious threat is detected by Cybereason.
Cybereason - Malware Updated – This alert is generated when the existing malware state is updated.
Cybereason - Threat not mitigated – This alert is generated when malware is detected and has failed to mitigate.
Cybereason - User login failed -This alert is generated when the user fails to log into the console.

Reports

Cybereason - User login failed activities – This report gives information about, the user who has failed to login into the console, along with user and device information like IP address, hostname, and its role.
Cybereason - Malop created or updated details – This report gives information on MALOP created or updated, along with MALOP information.
Cybereason - Threat detected and updated details – This report gives detailed information on malware or threat (fileless, ai analytics or known malware) detected or suspected by the Cybereason. It contains information on resolved threat, that can be identified by the severity 1 in case of completed, 5 in case of threat detected.
Cybereason - Not mitigated threat details -This report gives information on the critical threat which has failed to mitigate by Cybereason.

Reports

Cybereason – User activities – This report gives detailed information on user action taken place on Cybereason activities like (custom rule creation, Change in configuration settings, sensor management).
Cybereason - User malop investigation activities– This report gives detailed information on user action on investigating malop activities like (threat remediation, change in malop state, remediation details, machine isolation details)

The configuration details are consistent with EventTracker version 9.x and later, and Cybereason 17.3 and later should be installed.

For more information please refer to the Cybereason Integration guide