Connect this data source on your own, using the Hunters platform.
TL;DR
Supported data types | 3rd party detection | Hunters detection | IOC search | Search | Table name | Log format | Collection method |
---|---|---|---|---|---|---|---|
Malware | ✅ | cybereason_malware | NDJSON | API | |||
Sensors | ✅ | ✅ | cybereason_sensors | NDJSON | API |
Overview
Cybereason provides a next-generation antivirus (NGAV) solution that safeguards company endpoints against highly advanced and unknown security threats, including ransomware and fileless attacks.
Integrating Cybereason into Hunters allows the collection and ingestion of key data types into the datalake. Furthermore, alerts are generated from the logs, auto-investigated, and correlated with other related signals.
Supported data types
Cybereason's API provides the following data types:
Malware
Table name: cybereason_malware
Lists the details for the collected malware in the environment.
Sensors
Table name: cybereason_sensors
Lists all the sensors deployed by Cybereason.
Send data to Hunters
Hunters supports the collection of logs from Cybereason using the Cybereason API.
To connect Cybereason logs:
Gather the following information from your Cybereason account:
Client domain (should be with the following pattern: user@domain)
Client username
Client password
📘Note
The provided user must have Super user permissions. Because this is a highly privileged role, a dedicated account used only for this integration is preferable to a personal user account.
Complete the setup on the Hunters platform by following this process.
Expected format
If Cybereason events are already being collected in your environment, you can ship them to Hunters via a shared AWS S3 bucket. Logs are expected in JSON format.
Malware
{
"guid": "1428",
"timestamp": 1660158463435,
"name": "name",
"type": "KnownMalware",
"elementType": "File",
"machineName": "john's machine",
"status": "Detected",
"needsAttention": false,
"referenceGuid": "14286371",
"referenceElementType": "File",
"score": 0.0,
"detectionValue": "value",
"detectionValueType": "DVT_FILE",
"detectionEngine": "AntiVirus",
"malwareDataModel": {
"@class": ".BaseFileMalwareDataModel",
"type": "KnownMalware",
"detectionName": "Trojan.Generic",
"filePath": "/Users/user/Library/Trial/v6/Database/file"
},
"id": {
"guid": "1428637194.5",
"timestamp": 1660158463435,
"malwareType": "KnownMalware",
"elementType": "File"
},
"schedulerScan": false
}
Sensors
{
"sensorId":"id",
"pylumId":"Pylum",
"guid":"guid",
"fqdn":"fqdn",
"machineName":"machine",
"internalIpAddress":"192.168.1.1",
"externalIpAddress":"2.1.1.1",
"siteName":"site",
"siteId":0,
"ransomwareStatus":"DISABLED",
"preventionStatus":"NOT_INSTALLED",
"isolated":false,
"disconnectionTime":1665039360493,
"lastPylumInfoMsgUpdateTime":1665039048911,
"lastPylumUpdateTimestampMs":1665039360493,
"status":"Offline",
"serviceStatus":"Down",
"onlineTimeMS":0,
"offlineTimeMS":0,
"staleTimeMS":0,
"archiveTimeMs":null,
"statusTimeMS":0,
"lastStatusAction":"None",
"archivedOrUnarchiveComment":"",
"sensorArchivedByUser":"",
"serverName":"server",
"serverId":"id",
"serverIp":"10.1.1.1",
"privateServerIp":"10.1.1.1",
"collectiveUuid":"uuid",
"osType":"OSX",
"osVersionType":"Monterey_12",
"collectionStatus":"ENABLED",
"version":"1.1.1.0",
"consoleVersion":null,
"firstSeenTime":1625047496227,
"upTime":844684,
"cpuUsage":0.0,
"memoryUsage":0,
"outdated":true,
"amStatus":"AM_DETECT_ONLY",
"amModeOrigin":null,
"avDbVersion":"ver",
"avDbLastUpdateTime":1665029579000,
"powerShellStatus":"PS_DISABLED",
"remoteShellStatus":"AC_DISABLED",
"usbStatus":"DISABLED",
"fwStatus":"DISABLED",
"antiExploitStatus":"AE_UNKNOWN",
"documentProtectionStatus":"DS_UNKNOWN",
"documentProtectionMode":"DM_UNKNOWN",
"serialNumber":"",
"deviceModel":"MacBookPro17,1",
"organizationalUnit":"",
"antiMalwareStatus":"AM_ENABLED",
"antiMalwareModeOrigin":null,
"organization":"org",
"proxyAddress":"",
"preventionError":"",
"exitReason":"STOP_REQUEST_FROM_PYLUM",
"actionsInProgress":0,
"pendingActions":[
],
"lastUpgradeResult":"Succeeded",
"department":null,
"location":null,
"criticalAsset":null,
"deviceType":null,
"customTags":null,
"lastUpgradeSteps":[
{
"name":"Started",
"startTime":1631697376839
},
{
"name":"SendingMsi",
"startTime":1631697376882
},
{
"name":"InProgress",
"startTime":1631697389025
},
{
"name":"Succeeded",
"startTime":1631697439416
}
],
"disconnected":true,
"staticAnalysisDetectMode":"DISABLED",
"staticAnalysisDetectModeOrigin":null,
"staticAnalysisPreventMode":"DISABLED",
"staticAnalysisPreventModeOrigin":null,
"collectionComponents":[
],
"sensorLastUpdate":0,
"fullScanStatus":"IDLE",
"quickScanStatus":"IDLE",
"lastFullScheduleScanSuccessTime":0,
"lastQuickScheduleScanSuccessTime":0,
"policyName":"Default",
"deliveryTime":1663137867278,
"policyId":"policy",
"compliance":false,
"groupId":"00000000-0000-0000-0000-000000000000",
"groupName":"Unassigned",
"groupStickiness":false,
"purgedSensors":false,
"sensorPurgedByUser":null,
"purgeTimestamp":null,
"groupStickinessLabel":"Dynamic"
}