Cybereason

Endpoint detection and response to manage and query malops, connections and processes.

Endpoint · Cybereason

Configuration parameters

  • server — Server URL (e.g. https://192.168.0.1) (required)
  • credentials — Credentials
  • unsecure — Trust any certificate (not secure)
  • proxy — Use system proxy settings
  • isFetch — Fetch incidents
  • incidentType — Incident type
  • fetch_time — First fetch timestamp (<number> <time unit>, e.g., 12 hours, 7 days, 3 months, 1 year)
  • fetch_by — Fetch by "MALOP UPDATE TIME" (Fetching by Malop creation time is no longer supported)
  • enable_epp_poll — Check this box to Enable Polling for Cybereason EPP Malops.

Commands (37)

  • cybereason-add-comment

    Add new comment to malop.

  • cybereason-archive-sensor

    Archives a Sensor.

  • cybereason-available-remediation-actions

    Get all remediation action details whatever available for that malop.

  • cybereason-block-file

    Block a file only in particular machine. (User will get inputs by executing the 'cybereason-available-remediation-actions' command if this remediation action is available for that Malop).

  • cybereason-close-file-batch-id

    Aborts a file download operation that is in progress.

  • cybereason-delete-registry-key

    Delete a registry entry associated with a malicious process. (User will get inputs by executing the 'cybereason-available-remediation-actions' command if this remediation action is available for that Malop).

  • cybereason-delete-sensor

    Deletes a Sensor.

  • cybereason-download-file

    Downloads the actual file to the machine.

  • cybereason-fetch-scan-status

    Get the results for host scanning.

  • cybereason-fetchfile-progress

    Return a batch id for files waiting for download.

  • cybereason-get-machine-details

    Get the Machine FQDN and Machine Group Details.

  • cybereason-get-sensor-id

    Get the Sensor ID of a machine.

  • cybereason-is-probe-connected

    Checks if the machine is currently connected to the Cybereason server.

  • cybereason-isolate-machine

    Isolates a machine that has been infected from the rest of the network.

  • cybereason-kill-prevent-unsuspend

    Prevent detected ransomware from running on the machine. (User will get inputs by executing the 'cybereason-available-remediation-actions' command if this remediation action is available for that Malop).

  • cybereason-kill-process

    Kill a processes for the malicious file. (User will get inputs by executing the 'cybereason-available-remediation-actions' command if this remediation action is available for that Malop).

  • cybereason-malop-processes

    Returns a list of malops.

  • cybereason-malware-query

    Malware query with options and values to filter.

  • cybereason-prevent-file

    Prevent malop process file.

  • cybereason-process-attack-tree

    Get Process Attack Tree URL.

  • cybereason-quarantine-file

    Quarantine the detected malicious file in a secure location. (User will get inputs by executing the 'cybereason-available-remediation-actions' command if this remediation action is available for that Malop).

  • cybereason-query-connections

    Searches for connections.

  • cybereason-query-domain

    Query domains as part of investigation.

  • cybereason-query-file

    Query files as part of investigation.

  • cybereason-query-malop-management

    Get Management Malop details.

  • cybereason-query-malops

    Returns a list of all Malops and details on the Malops.

  • cybereason-query-processes

    Searches for processes with various filters.

  • cybereason-query-user

    Query users as part of investigation.

  • cybereason-start-fetchfile

    Start fetching the file to download.

  • cybereason-start-host-scan

    Start or stop a full or quick scan for a host.

  • cybereason-unarchive-sensor

    Unarchives a Sensor.

  • cybereason-unisolate-machine

    Stops isolation of a machine.

  • cybereason-unprevent-file

    Unprevent malop process file.

  • cybereason-unquarantine-file

    Unquarantine the detected malicious file in a secure location. (User will get inputs by executing the 'cybereason-available-remediation-actions' command if this remediation action is available for that Malop).

  • cybereason-unsuspend-process

    Prevent a file associated with ransomware. (User will get inputs by executing the 'cybereason-available-remediation-actions' command if this remediation action is available for that Malop).

  • cybereason-update-malop-investigation-status

    Updates malop investigation status.

  • cybereason-update-malop-status

    Updates malop status.